Skype is not working with allow rule
Showing results for 
Search instead for 
Did you mean: 

Skype is not working with allow rule

L4 Transporter



We have a demand to allow skype for internal employees. However, we've created a security rule to allow the following applications:






Still skype couldn't connect with an error message "please check your internet connection and try again".


So I've added ** in the URL filteration > still doesn't work

Also I tried to user web-browsing instead of ssl > still doesn't work

and finally I've added both ssl & web-browsing > still doesn't work


When I checked the traffic log I found the following:


Session end reason: tcp-rst-from-client & tcp-fin & n/a


Does anyone know exactly whats going on here?


Have you tried the same rule, but with Any/Any as application and service? If Skype still does not work then I would suspect that it might be a client problem.

I will try that Terje.

When I added the policy "any any" today and commit the changes I got a warning that msn-base, ssl and web-browsing should be allowed as dependency apps also, but when I checked in its not required. To double check this I shoot the command #show predefined application skype and those dependency apps were included. But again I've already tried and added them and still doesn't work.


I guess what I meant as an 'any any' rule was that it would be any destination and any applicaiton. This placed above all other security rules will let you know if this is a firewall issue or a network issue. If you still can't get to Skype with a set source address, any destination, and any application set to allow then it would indicate that your firewall isn't at fault here; something in front of your firewall is to blame for the issue. 

Anything in the threat log that shows traffic being blocked?

Is nothing working with Skype or just for example video conversation?

I had the problem lately that chat and audio were working but video wasn't.

It turned out I was missing the "Jabber" application in the allow rule.

Thanks for the help guys. I did the allow all rule with one source and when Skype didnt work we realised its not FW issue. However, we pluged the machine directly with the router towards the internet and it didn't work also, then we change the DNS to public on ( and everything was working perfectly. They have an issue with their DNS server.


View solution in original post

Nice job, we were experiencing the same issue.  What made you decided to try external DNS servers?  Is there a specific URL that is not being resolved? 

I believe that might be the reason but honestly I didn't try changing the DNS server on the testing machine till I ran out of all options on PA.





Facing same problem.


Skype in my Organization with these Destination and apps (need simple solution).





Skype website:

To work correctly, Skype requires unrestricted outgoing TCP access to:

  • All destination ports above 1024 (recommended)


  • Ports 80 and 443






Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!