This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Block skype partially work

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block skype partially work

helenio.sartori
L3 Networker

‎02-06-2012 11:41 PM

Hello,

I have panos 3.1.10 and I have rule to block skype and skype-probe application.

I'm using skype client 5.6.59.110 and the behavior is the following:

- skype client authenticate and goes  online

- contact became green (online status)

- Calls doesn't work (no ringing tone)

- chat seams work but whit a lot of delay (i.e when you send a message the contact receive it hours later)

Does this behavior lokk correct against application block rule above ?

From my point of view it looks strange that we can login and send chat messages.

Any suggestion ?

Labels:
0 Likes Likes
6 REPLIES 6

mikand
L6 Presenter

‎02-07-2012 12:38 AM

Whats the output from the logs of your PAN unit when you does this?

Is the login perhaps identified as web-browsing and since you allow web-browsing this will be allowed to pass?

Also which appid database version do you currently use?

0 Likes Likes

gafrol
L4 Transporter

‎02-07-2012 01:00 AM

In order to block skype you should allow skype-probing and block skype.

https://live.paloaltonetworks.com/docs/DOC-1505

rgds Roland

0 Likes Likes

helenio.sartori
L3 Networker
In response to gafrol

‎02-08-2012 02:29 AM

thank's .. allowing skype-probe even chat services is blocked thank's.

Anyway the Authentication work and Client looks like is online.

Is that the expected behavior of blocking skype application ?

0 Likes Likes

gafrol
L4 Transporter
In response to helenio.sartori

‎02-08-2012 02:47 AM

I just double checked. Skype does not even connect in my setup in the Lab. Did you try to stop and start the skype application ?

0 Likes Likes

helenio.sartori
L3 Networker
In response to gafrol

‎02-08-2012 07:15 AM

yes, I did.

0 Likes Likes

gafrol
L4 Transporter
In response to helenio.sartori

‎02-08-2012 07:23 AM

Is there other skype users in your LAN ? How does your Security Policy regarding Skype look like ?

http://en.wikipedia.org/wiki/Skype_protocol

Remember you cannot block skype for only part of your users in the same IP subnet. Either you block skype for all users in a given IP subnet or you will loose the game. If you allow one user to use skype, this users skype can become a Supernode which allows other skype users in the same subnet to proxy connections through it.

That might be the case ?

0 Likes Likes
  • 3278 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks