This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Call quality issues with Teams

We just moved to Teams. Calls/meeting inside our network have choppy video/voice quality. People outside the network have no issues. Only if the traffic traverses the UTM does it have issue.

Does anyone have a writeup on how to configure the UTM so it doesn't mess with Teams traffic?

Thanks!



This thread was automatically locked due to age.
Parents Reply Children
  • Depending on the download speed of your internet connection, unless you have more than 8 internal users on a call, I would think you should be OK just excepting the UDP traffic as suggested by papa_.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We have gigabit internet. Only 8 internal? We have 20-25 people on calls.

  • If you have 20-25 people in the office on call(s) at the same time, you might want to watch top at the command line.

    Let us know if you see high %sy when folks complain.

    Cheers - Bob 

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here are my Exceptions for Intrusion Prevention and Web Filtering:

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks a lot! I will try this and see what happens.

  • FormerMember
    0 FormerMember in reply to BAlfson

    Hi Bob,

    a question of understanding on my part. What is the purpose of your service definition "Response"? And is it not enough to set the type of definition to UDP?

  • Hallo Ludo - great question!

    A request on port 3478 has dstport="3478" and the response to it has srcport="3478".  Sometimes Teams is responding to us and maybe sometimes we're responding to Teams, so I wanted to be sure that Intrusion Prevention didn't block responses or requests from Teams.  Realistically, we probably only needed the "Response" definitions, but I already had the request Services defined for a firewall Allow rule and I didn't want to risk leaving the client with any exposure.

    The docs from Microsoft specified TCP/UDP, so that's why the request and response Service definitions use that.  UDP is the only thing that might trigger an anti-flooding drop, so that probably could have been used in definitions here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • FormerMember
    0 FormerMember in reply to BAlfson

    Hi Bob,

    the docs from Microsoft specified only UDP (see Screenshot)?! Or do I not understand something?

    Ok, understand, with the responseservice you want to play it safe. But actually this is not necessary, is it?

     

  • I've slept since then, so I don't remember the details of which client I first did this for, whether the client I was using as an example had already started configuring and what other documentation might have led to using TCP/UDP.  If you try this with only UDP, please let us know if that's indeed all that's needed for firewall rules and Intrusion Prevention Exceptions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA