...
Requirements for configuring the SBC Edge in support of Teams Direct Routing include:

Table: SBC Edge Requirements

| Requirement | Details |
|---|---|
| SBC Behind the NAT* | Public IP address of NAT device and Private IP address of the SBC. |
| SBC with Public IP | Public IP address of SBC is required. |
| Network Address Translation (NAT)* Configuration | Required for deployment of an SBC behind a NAT. |
| Public FQDN | The Public FQDN must point to the Public IP Address. |
| Public certificate associated with the Public FQDN | Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported. |

...
- certificate information.
- Refer to CCADB Documentation for the comprehensive list of supported CAs.
...
| Static IP Address | Required for deployment of an SBC behind a NAT; the Public IP address on the NAT must be static. |

*NAT translates a public IP address to a Private IP address.

Obtain Domain Name
...
Note: Do not use the *.onmicrosoft.com tenant for the domain name.

Table: Domain Name Examples

| Domain Name | Use for SBC FQDN? | FQDN Names - Examples |
|---|---|---|
| SonusMS01.com | | Valid names: |
| hybridvoice.org | | Valid names: sbc1.hybridvoice.org, ussbcs15.hybridvoice.org, europe.hybridvoice.org. Non-Valid name: sbc1.europe.hybridvoice.org (requires registering domain name europe.hybridvoice.org in “Domains” first) |

Info: Users may be from any SIP domain registered for the tenant. For example, you can configure user user@SonusMS01.com with the SBC FQDN name sbc1.hybridvoice.org, as long as both names are registered for the tenant.

Figure: Configure Domain Names - Example

Note: Prerequisite - Verify Domain Before Adding PSTN Gateway

Verify the correct domain name is configured for the Tenant. The correct domain name is required for the SBC to pair with Microsoft Teams.

- On the Microsoft Teams Tenant side, execute Get-CsTenant.
- Review the output.
- Verify that the Domain Name configured is listed in the Domains and DomainUrlMap attributes. If the Domain Name is incorrect or missing, the SBC will not pair with Microsoft Teams.

...
The tables below represent ACL (Access Control List) examples that protect the SBC Edge; these attributes are automatically provisioned if the Teams-related Easy Configuration wizards are used (applies to the greenfield deployment scenario only).

Table: Public Access In - Requirements

| Description | Protocol | Action | Src IP Address | Src Port | Dest IP Address | Dest Port |
|---|---|---|---|---|---|---|
| Outbound DNS Reply | TCP | Allow | 0.0.0.0/0 | 53 | SBC/32 | 0-65535 |
| Outbound DNS Reply | UDP | Allow | 0.0.0.0/0 | 53 | SBC/32 | 0-65535 |
| Outbound NTP Reply | UDP | Allow | 0.0.0.0/0 | 123 | SBC/32 | 123 |
| Outbound SIP Reply | TCP | Allow | 0.0.0.0/0 | 5061 | SBC/32 | 1024-65535 |
| Inbound SIP Request | TCP | Allow | 0.0.0.0/0 | 1024-65535 | SBC/32 | 5061* |
| Inbound Media Helper | UDP | Allow | 52.112.0.0/14 | 49152-53247 | SBC/32 | 16384-17584** |
| Deny All | Any | Deny | 0.0.0.0/0 | | | |

...
...

Table: Public Access Out - Requirements

| Description | Protocol | Action | Src IP Address | Src Port | Dest IP Address | Dest Port |
|---|---|---|---|---|---|---|
| Outbound DNS Request | TCP | Allow | SBC/32 | 0-65535 | 0.0.0.0/0 | 53 |
| Outbound DNS Request | UDP | Allow | SBC/32 | 0-65535 | 0.0.0.0/0 | 53 |
| Outbound NTP Request | UDP | Allow | SBC/32 | 0-65535 | 0.0.0.0/0 | 123 |
| Outbound SIP Request | TCP | Allow | SBC/32 | 0-65535 | 0.0.0.0/0 | 5061 |
| Inbound SIP Reply | TCP | Allow | SBC/32 | 5061* | 0.0.0.0/0 | 1024-65535 |
| Outbound Media Helper | UDP | Allow | SBC/32 | 16384-17584** | 52.112.0.0/14 | 49152-53247 |
| Deny All | Any | Deny | 0.0.0.0/0 | | | |

...
* Define in Tenant configuration
...
The tables below represent ACL (Access Control List) examples that protect the SBC Edge; these ACL attributes are automatically provisioned if the Teams-related Easy Configuration wizards are used (applies to the greenfield deployment scenario only).

Table: Public Access In - Requirements (Media Bypass Scenario)

| Description | Protocol | Action | Src IP Address | Src Port | Dest IP Address | Dest Port |
|---|---|---|---|---|---|---|
| Inbound Media Bypass Helper | UDP | Allow | 0.0.0.0/0 | 1024-65535 | SBC/32 | 16384-21186** |


Table: Public Access Out - Requirements (Media Bypass Scenario)

| Description | Protocol | Action | Src IP Address | Src Port | Dest IP Address | Dest Port |
|---|---|---|---|---|---|---|
| Outbound Media Bypass Helper | UDP | Allow | SBC/32 | 16384-21186** | 0.0.0.0/0 | 1024-65535 |

* Define in Tenant configuration
...
** Depends on the Media Port pair configured in the SBC
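
The following is an added example, not part of the original page and not vendor code: it encodes the "Public Access In - Requirements" table (non-bypass scenario) and evaluates constructed packets against it, so a planned rule set can be checked before it is applied. It assumes rules are evaluated top-down with the first match winning, uses the placeholder address 203.0.113.10 for the SBC, and treats the empty port columns of "Deny All" as any port.

```python
import ipaddress

SBC = "203.0.113.10"  # constructed placeholder for the SBC public IP
ANY = (0, 65535)

# Rows of the "Public Access In" table: (description, protocol, action,
# source network, source ports, destination ports). Destination is SBC/32.
# 5061 is the tenant-defined SIP port (*); 16384-17584 depends on the
# media port pair configured in the SBC (**). The port columns of
# "Deny All" are empty on the page and are assumed here to mean any port.
ACL_IN = [
    ("Outbound DNS Reply", "TCP", "Allow", "0.0.0.0/0", (53, 53), ANY),
    ("Outbound DNS Reply", "UDP", "Allow", "0.0.0.0/0", (53, 53), ANY),
    ("Outbound NTP Reply", "UDP", "Allow", "0.0.0.0/0", (123, 123), (123, 123)),
    ("Outbound SIP Reply", "TCP", "Allow", "0.0.0.0/0", (5061, 5061), (1024, 65535)),
    ("Inbound SIP Request", "TCP", "Allow", "0.0.0.0/0", (1024, 65535), (5061, 5061)),
    ("Inbound Media Helper", "UDP", "Allow", "52.112.0.0/14", (49152, 53247), (16384, 17584)),
    ("Deny All", "Any", "Deny", "0.0.0.0/0", ANY, ANY),
]

def evaluate(proto, src_ip, src_port, dst_ip, dst_port, acl=ACL_IN):
    """Return (action, description) of the first rule matching the packet."""
    if dst_ip != SBC:
        return ("Deny", "not addressed to SBC/32")
    src = ipaddress.ip_address(src_ip)
    for desc, rule_proto, action, net, (s_lo, s_hi), (d_lo, d_hi) in acl:
        if (rule_proto in ("Any", proto)
                and src in ipaddress.ip_network(net)
                and s_lo <= src_port <= s_hi
                and d_lo <= dst_port <= d_hi):
            return (action, desc)
    return ("Deny", "no rule matched")

# Constructed sample packets: (protocol, src IP, src port, dst IP, dst port).
SAMPLES = [
    ("TCP", "198.51.100.7", 40000, SBC, 5061),   # SIP to the signaling port
    ("UDP", "52.113.1.1", 50000, SBC, 16500),    # media from 52.112.0.0/14
    ("UDP", "198.51.100.7", 50000, SBC, 16500),  # same ports, source outside the range
    ("UDP", "52.113.1.1", 50000, SBC, 20000),    # port outside the non-bypass media range
    ("TCP", "198.51.100.7", 40000, SBC, 443),    # anything else sent to the SBC
]

def audit(samples=SAMPLES):
    """Evaluate every sample and return the list of (action, rule) results."""
    return [evaluate(*pkt) for pkt in samples]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLES, audit()):
        print(pkt, "->", result)
```

For the media bypass scenario, replace the media row with the "Inbound Media Bypass Helper" values from the table above (source 0.0.0.0/0, ports 1024-65535 to 16384-21186) and re-run the same samples.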