Skype is not working with allow rule

Reply
Highlighted
L2 Linker

Have you tried the same rule, but with Any/Any as application and service? If Skype still does not work then I would suspect that it might be a client problem.

Highlighted
L4 Transporter

I will try that Terje.

When I added the policy "any any" today and commit the changes I got a warning that msn-base, ssl and web-browsing should be allowed as dependency apps also, but when I checked in https://applipedia.paloaltonetworks.com/ its not required. To double check this I shoot the command #show predefined application skype and those dependency apps were included. But again I've already tried and added them and still doesn't work.

Regards,
Sharief
Cyber Elite

I guess what I meant as an 'any any' rule was that it would be any destination and any applicaiton. This placed above all other security rules will let you know if this is a firewall issue or a network issue. If you still can't get to Skype with a set source address, any destination, and any application set to allow then it would indicate that your firewall isn't at fault here; something in front of your firewall is to blame for the issue. 

Highlighted
L3 Networker

Anything in the threat log that shows traffic being blocked?

Highlighted
L3 Networker

Is nothing working with Skype or just for example video conversation?

I had the problem lately that chat and audio were working but video wasn't.

It turned out I was missing the "Jabber" application in the allow rule.

Highlighted
L4 Transporter

Thanks for the help guys. I did the allow all rule with one source and when Skype didnt work we realised its not FW issue. However, we pluged the machine directly with the router towards the internet and it didn't work also, then we change the DNS to public on (8.8.8.8) and everything was working perfectly. They have an issue with their DNS server.

Regards,
Sharief

View solution in original post

Highlighted
L3 Networker

Nice job, we were experiencing the same issue.  What made you decided to try external DNS servers?  Is there a specific URL that is not being resolved? 

Highlighted
L4 Transporter

I believe that might be the reason but honestly I didn't try changing the DNS server on the testing machine till I ran out of all options on PA.

 

Regards,

Sharief

Regards,
Sharief
Highlighted
L2 Linker

Facing same problem.

 

Skype in my Organization with these Destination and apps (need simple solution).

 

skype
skype-probe
office365-consumer-access
ssl
stun
web-browsing
websocket
ms-lync-base
ms-lync-audio
ms-lync-video
rtcp
rtp-base

unknown-udp

 

91.190.216.0/21
65.52.0.0/14
64.4.0.0/18
52.234.0.0/11
40.0.0.0/8
213.199.0.0/16
157.56.0.0/14
13.107.0.0/16
111.221.0.0/17
104.40.0.0/13

 

Skype website:

To work correctly, Skype requires unrestricted outgoing TCP access to:

  • All destination ports above 1024 (recommended)

    or

  • Ports 80 and 443 

support.skype.com/en/faq/FA148/which-ports-need-to-be-open-to-use-skype-for-windows-desktop

 

Regards,

Sajid

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!