Skype is not working with allow rule
cancel
Showing results for 
Search instead for 
Did you mean: 

Skype is not working with allow rule

L4 Transporter

Hi,

 

We have a demand to allow skype for internal employees. However, we've created a security rule to allow the following applications:

 

-skype

-skype-probe

-ssl/web-browsing

 

Still skype couldn't connect with an error message "please check your internet connection and try again".

 

So I've added *.skype.com/* in the URL filteration > still doesn't work

Also I tried to user web-browsing instead of ssl > still doesn't work

and finally I've added both ssl & web-browsing > still doesn't work

 

When I checked the traffic log I found the following:

 

Session end reason: tcp-rst-from-client & tcp-fin & n/a

 

Does anyone know exactly whats going on here?

Regards,
Sharief
18 REPLIES 18

Have you tried the same rule, but with Any/Any as application and service? If Skype still does not work then I would suspect that it might be a client problem.

I will try that Terje.

When I added the policy "any any" today and commit the changes I got a warning that msn-base, ssl and web-browsing should be allowed as dependency apps also, but when I checked in https://applipedia.paloaltonetworks.com/ its not required. To double check this I shoot the command #show predefined application skype and those dependency apps were included. But again I've already tried and added them and still doesn't work.

Regards,
Sharief

I guess what I meant as an 'any any' rule was that it would be any destination and any applicaiton. This placed above all other security rules will let you know if this is a firewall issue or a network issue. If you still can't get to Skype with a set source address, any destination, and any application set to allow then it would indicate that your firewall isn't at fault here; something in front of your firewall is to blame for the issue. 

Anything in the threat log that shows traffic being blocked?

Is nothing working with Skype or just for example video conversation?

I had the problem lately that chat and audio were working but video wasn't.

It turned out I was missing the "Jabber" application in the allow rule.

Thanks for the help guys. I did the allow all rule with one source and when Skype didnt work we realised its not FW issue. However, we pluged the machine directly with the router towards the internet and it didn't work also, then we change the DNS to public on (8.8.8.8) and everything was working perfectly. They have an issue with their DNS server.

Regards,
Sharief

View solution in original post

Nice job, we were experiencing the same issue.  What made you decided to try external DNS servers?  Is there a specific URL that is not being resolved? 

I believe that might be the reason but honestly I didn't try changing the DNS server on the testing machine till I ran out of all options on PA.

 

Regards,

Sharief

Regards,
Sharief

Facing same problem.

 

Skype in my Organization with these Destination and apps (need simple solution).

 

skype
skype-probe
office365-consumer-access
ssl
stun
web-browsing
websocket
ms-lync-base
ms-lync-audio
ms-lync-video
rtcp
rtp-base

unknown-udp

 

91.190.216.0/21
65.52.0.0/14
64.4.0.0/18
52.234.0.0/11
40.0.0.0/8
213.199.0.0/16
157.56.0.0/14
13.107.0.0/16
111.221.0.0/17
104.40.0.0/13

 

Skype website:

To work correctly, Skype requires unrestricted outgoing TCP access to:

  • All destination ports above 1024 (recommended)

    or

  • Ports 80 and 443 

support.skype.com/en/faq/FA148/which-ports-need-to-be-open-to-use-skype-for-windows-desktop

 

Regards,

Sajid

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!