- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-04-2013 03:59 AM
Hi,
An environment like LAN - PAN - Proxy - Router - Internet
is there a way to block everything but allow just skype.No web browsing, nothing allowed except skype.
I tried some rules but skype couldn't connect.
Thanks.
04-04-2013 06:06 AM
Hello,
Try a rule allowing only skype and ssl, destinated to Any, with url filtering blocking everything but allowing *.skype.com in the whitelist, followed by a rule Deny Any/Any.
Keep an eye on the monitor tab and try to use skype and see if you can identify what application and destination is being blocked from your test workstation and fine tune the rule.
If even then it doesn't work, let us know.
Best regards.
04-04-2013 08:47 AM
If you allow SSL and URL filtering but you don't intercept/decrypt SSL, won't that not work? Or will PA try to match based on the certificate?
Also make sure you allow skype-probe too in your App column (or I guess PANOS 5 handles app dependencies automagically, so it won't be an issue). Doesn't hurt to have it explicitly defined though
04-04-2013 09:19 AM
I second skype-probe suggestion. Try skype-probe explicitly. At very least it'll show you some traffic.
04-04-2013 10:45 AM
So the proxy's denying the traffic? Is the proxy transparent (ex. is it using WCCP?) Or do you explicitly define the proxy on your clients? The Skype client might need to be told about the proxy server in that case.
06-12-2013 11:00 PM
Allow web browsing via your proxy in one rule and add separate rule which allows skype and skype-probe without proxy (I mean destination is any IP on the outside). Skype also supports configuration for proxy server, so this can also be used as a solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!