Skype for Business not work if use SSL Decrypt

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Skype for Business not work if use SSL Decrypt

L2 Linker

Hi,

 

Is it possible to exclude Skype for Business application from SSL Decrypt?

 

Custom No decrypt URL category is not an option because new clients with on-premises Skype instances coming constantly.

 

br

Toni

6 REPLIES 6

Cyber Elite
Cyber Elite

@ToniE,

You aren't able to exclude specific applications from SSL-Decryption. Your only option is either going to be custom URL categories or excluding the on-site server IP addresses from decryption. 

Cyber Elite
Cyber Elite

Hello @ToniE,

We also have this issue. Our solution was to instruct the users to use the web version of the conference if the conference was hosted by a 3rd party. We then had to exclude the Lync/Skype applications from URL filtering since not everyone has dns extries and sometimes they have just IP's.

 

Hope that helps.

L7 Applicator

Hi @ToniE

 

Actually there is an option to exclude an application form TLS decryption ... ok, it is a creative workaround to achieve that goal but this solution here should work also in your case: https://live.paloaltonetworks.com/t5/Community-Blog/How-to-bypass-SSL-decryption-for-an-application/...

 

Instead of the application in the article, you have to use ms-lync-base and/or ms-lync-online. There probably the first connection attemt still fails as the firewall will add the IP after this attempt to that dynamic group, but it is a solution that could save you a lot of work and complaints from customers.

 

Regards,

Remo

 

Edit: Of course only if the security policies of your company allow such a dynamic TLS decryption exclusion, cause this will add the risk of not decrypting misidentified connections. And thepotential risk that this configuration could be exploited to send data out of your network without decryption

skype.png

Try adding tose to your custom url then add that to no decrypt. I got it working by doing this.

 

Andy

Hello Remo,

 

Thanks for workaround. We have to think best solution.

 

br

Toni

 

  • 5343 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!