In report of 'show session all' I see that PAN recognize skype (even skype IM) as a 'skype' application and there is also skype-probe of course. But I didn;t told you about important thing, and I'm wondering now that is so matter in my case? All my tests I'm doing on my laptop where I have Windows 7 installed, and it hosts virtual enviroment (VMWare Workstation) in whch I have virtual PAN and virtual Windows XP machine installed. All traffic from virtual Windows XP is going through virtual PAN (secured, NATed and routed by virtual PAN), after that NATed to my physical interface (by VMware network mechanism) and after that routed to Internet..From the virtual Windows XP perspective, my Windows 7 host OS (and let say Internet) is in untrust zone. I'm wondering now that could cause some impact for skype? I observe that when I completelty block every traffic/applicaiton on virtual PAN, and when I launch Skype on virtual Windows XP it doesn't work. But when I'm launch Skype on my Windows 7 host OS and restart Skype on virtual Windows XP it's start wokring and I can do call from Windows XP to Windows7. Well, as I mentioned both machines are zone based secured, but to be honest they have 'shared' network interfaces. Virtual Palo Alto has 3 interfaces: - untrust which is VMnet8 (NATed by VMWare interface) - trust which is VMnet1 (host-only, isolated interface) - trust2 which is VMnet2 (host-only, isolated interrface) Virutal Windows XP has only one interface which is in trust zone and it is VMNet1 interface. Host OS - Windows 7 of course sees alle above interfaces: VMnet8, VMnet1 and VMnet2, becuase it runs VMWare Workstaiton, which creates all this interfeaces. So maybe skype could use it in some magic way nad this cause me problem? If yes how to fix it and block skype?
... View more