I have found in testing that with blocking, the application 'skype' and 'skype-probe' if the user is not logged in the policy will block the user from signing into skype, but if the user is already signed into skype and plugs in behind the palo policy, the traffic log shows skype being blocked, but the user is still able to IM. Am I missing something?
Make sure you have enabled "Rematch Sessions" under Device -> Setup -> Session and commit. Test again and see if you get similar results. Thank you.
As per this article: How to Block SKYPE you should not block skype-probe: "Skype-probe needs to be allowed. Skype-probe runs over port 80 and is used to setup initial connections. When Skype-probe is blocked, the application will encrypt the communication and start using alternate open ports which is why it needs to be allowed."
Have you already tried that ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!