03-10-2011 12:28 AM
Hi All,
Seem to be having a bit of a problem with skype-probe.
I have a PA-500 in Vwire mode behind a PIX FW, the customer wishes to block Skype traffic.
Observations:
1. On the ACC the ammount of skype-probe traffic far exceedes any other traffic in terms of sessions
2. The ammount of bytes of skype-probe traffic is roughly in relation to the amount of skype bytes
3. When enabling a skype only block rule (still allowing skype-probe) the active session count sky rockets
The sessions that increase dramatically are from skype-probe these sessions go from a current 4,000 sessions to 50,000+ in a matter of under a minute until the skype block rule is disabled.
Any help and insight will be greatly appreciated
Cheers
Marc
attached is screen shots of skype-probe session count for last hour
03-11-2011 04:19 PM
My understanding is that you need to allow skype-probe traffic through to establish a connection, and then block the actual skype traffic once the Skype client believes it has connected. This prevents Skype from going evasive, but it does create a confusing situation on the client where it appears to be connected successfully, yet calling does not actually work.
03-14-2011 12:07 AM
skype-robe is allowed in a rule.
The rule set look like this:
| Source Zone | Dest Zone | Source | Dest | Source User | Application | Service | Action |
|---|---|---|---|---|---|---|---|
| Trust | Untrust | any | any | any | skype | any | deny |
| Trust | Untrust | any | any | Known Users | Various Apps (Incl skype-probe) | any | allow |
Before skype is disabled the session count for skype-proble is high, as soon as you deny skype on the PA the skype-probe sessions go through the roof, as said earlier from about 4k sessions to 40k sessions in seconds.
03-14-2011 05:07 AM
try setting the allow skype-probe rule before the block skype rule, this may help decrease the number of probe connections
03-15-2011 01:38 AM
will give it a go and provide feedback once done.
Regards
Marc
03-16-2011 04:12 AM
Hi,
With a skype-probe allow rule above the skype block rule, we still experience the same volume of sessions
Marc
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
