Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Block skype partially work

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block skype partially work

L3 Networker

Hello,

I have panos 3.1.10 and I have rule to block skype and skype-probe application.

I'm using skype client 5.6.59.110 and the behavior is the following:

- skype client authenticate and goes  online

- contact became green (online status)

- Calls doesn't work (no ringing tone)

- chat seams work but whit a lot of delay (i.e when you send a message the contact receive it hours later)

Does this behavior lokk correct against application block rule above ?

From my point of view it looks strange that we can login and send chat messages.

Any suggestion ?

6 REPLIES 6

L6 Presenter

Whats the output from the logs of your PAN unit when you does this?

Is the login perhaps identified as web-browsing and since you allow web-browsing this will be allowed to pass?

Also which appid database version do you currently use?

L4 Transporter

In order to block skype you should allow skype-probing and block skype.

https://live.paloaltonetworks.com/docs/DOC-1505

rgds Roland

thank's .. allowing skype-probe even chat services is blocked thank's.

Anyway the Authentication work and Client looks like is online.

Is that the expected behavior of blocking skype application ?

I just double checked. Skype does not even connect in my setup in the Lab. Did you try to stop and start the skype application ?

yes, I did.

Is there other skype users in your LAN ? How does your Security Policy regarding Skype look like ?

http://en.wikipedia.org/wiki/Skype_protocol

Remember you cannot block skype for only part of your users in the same IP subnet. Either you block skype for all users in a given IP subnet or you will loose the game. If you allow one user to use skype, this users skype can become a Supernode which allows other skype users in the same subnet to proxy connections through it.

That might be the case ?

  • 3259 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!