Skype for Business vs Skype

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Skype for Business vs Skype

L0 Member

Hi All,

 

is there a way for Palo to distinguish between Skype and Skype for business?

Application list only suggests you single Skype application...

 

Idea is to block regular skype and only allow skype for biz, maybe there are any weird workarounds.... like allowing/blocking certain miscorsoft URLs or tcp ports.

 

Cheers,

 

 

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@Dmitry_Dmitry,

Generally I would expect to see the following application for Skype for Business:

ms-lync-base

ms-lync-online

rtcp

stun

rtp

ms-office3650base

ssl 

web-browsing

ms-lync-audio

ms-lync-video

 

A large number of those applications you'll note are still identified as Lync instead of SfB specific App-IDs. You'll also want to exclude *.online.lync.com and *.infra.lync.com from decryption if you have this feature enabled. 

 

Skype you would expect to see the following:

office365-consumer-access

rtcp

rtp

skype

skype-probe

ssl

websocket

stun

web-browsing

windows-azue-base

apple-push-notications (yup, it's a known miss-id)

 

So to effectively block Just skype I would only block the app-id 'skype', however you can play around with this information as much as you wish obviously and choose what works for you. 

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite

@Dmitry_Dmitry,

Generally I would expect to see the following application for Skype for Business:

ms-lync-base

ms-lync-online

rtcp

stun

rtp

ms-office3650base

ssl 

web-browsing

ms-lync-audio

ms-lync-video

 

A large number of those applications you'll note are still identified as Lync instead of SfB specific App-IDs. You'll also want to exclude *.online.lync.com and *.infra.lync.com from decryption if you have this feature enabled. 

 

Skype you would expect to see the following:

office365-consumer-access

rtcp

rtp

skype

skype-probe

ssl

websocket

stun

web-browsing

windows-azue-base

apple-push-notications (yup, it's a known miss-id)

 

So to effectively block Just skype I would only block the app-id 'skype', however you can play around with this information as much as you wish obviously and choose what works for you. 

  • 1 accepted solution
  • 5024 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!