Call quality issues with Teams

Hi Paul,

You might also take a look at https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams.

At one of my clients, I determined that Teams caused a tremendous amount of virtual memory swapping in the UTM even after skipping both Web Filtering and Snort (IPS).  What UTM do you have and what are your Internet speeds?

Cheers - Bob

Hi Paul,

You might also take a look at https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams.

At one of my clients, I determined that Teams caused a tremendous amount of virtual memory swapping in the UTM even after skipping both Web Filtering and Snort (IPS).  What UTM do you have and what are your Internet speeds?

Cheers - Bob

Thanks for that. SG450.

Depending on the download speed of your internet connection, unless you have more than 8 internal users on a call, I would think you should be OK just excepting the UDP traffic as suggested by papa_.

Cheers - Bob

We have gigabit internet. Only 8 internal? We have 20-25 people on calls.

If you have 20-25 people in the office on call(s) at the same time, you might want to watch top at the command line.

Let us know if you see high %sy when folks complain.

Cheers - Bob 

Here are my Exceptions for Intrusion Prevention and Web Filtering:

Cheers - Bob

Thanks a lot! I will try this and see what happens.

Hi Bob,

a question of understanding on my part. What is the purpose of your service definition "Response"? And is it not enough to set the type of definition to UDP?

Hallo Ludo - great question!

A request on port 3478 has dstport="3478" and the response to it has srcport="3478".  Sometimes Teams is responding to us and maybe sometimes we're responding to Teams, so I wanted to be sure that Intrusion Prevention didn't block responses or requests from Teams.  Realistically, we probably only needed the "Response" definitions, but I already had the request Services defined for a firewall Allow rule and I didn't want to risk leaving the client with any exposure.

The docs from Microsoft specified TCP/UDP, so that's why the request and response Service definitions use that.  UDP is the only thing that might trigger an anti-flooding drop, so that probably could have been used in definitions here.

Cheers - Bob

Hi Bob,

the docs from Microsoft specified only UDP (see Screenshot)?! Or do I not understand something?

Ok, understand, with the responseservice you want to play it safe. But actually this is not necessary, is it?

I've slept since then, so I don't remember the details of which client I first did this for, whether the client I was using as an example had already started configuring and what other documentation might have led to using TCP/UDP.  If you try this with only UDP, please let us know if that's indeed all that's needed for firewall rules and Intrusion Prevention Exceptions.

Cheers - Bob