Helpful ReplySkype connection issue (skype can't connect)

Author
waaalex
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/05/22 03:31:25
  • Status: offline
2015/05/26 01:01:27 (permalink)
0

Skype connection issue (skype can't connect)

Hello all,
I've got a problem with Skype connection. Sometimes it works and sometimes skype can't connect without any clue..
 
On application control, i've granted acces to Skype
 
I've set a rule that use appsensor, and open a port.
 
 
But it change nothing. sometimes i can conenct slype but sometimes no..
 
Have you got an idea?
 
Regards,
Alexandre

Attached Image(s)

#1
vmartin_FTNT
Bronze Member
  • Total Posts : 44
  • Scores: 8
  • Reward points: 0
  • Joined: 2013/08/29 07:43:01
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/05/26 10:51:44 (permalink) ☄ Helpfulby Elthon Abreu 2015/06/11 13:16:51
0
Are you using full SSL inspection (the deep-inspection profile). If you are, you may need to add an exemption, to make sure Skype traffic is not being inspected.

Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
#2
waaalex
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/05/22 03:31:25
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/05/28 00:55:41 (permalink)
0
Hello,
Excuse me for late reply.
I don't if I use full SSL inspection.
How can i verify this?
It's a fortigate 100D with Forti OS 5.2.1.
Thank you for help.
#3
waaalex
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/05/22 03:31:25
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/05/29 07:13:05 (permalink)
0
I've verified, and Full SSL inspection is NOT activated.
Only SSL certificate inspection activated.
 
Edit : In my rule for skype, SSL inspection is set to none.
Also, we have 4 profiles for SSL/SSH inspection. Is a profile set by default when a rule have ssl inspection set to none?
post edited by waaalex - 2015/05/29 07:16:10
#4
vmartin_FTNT
Bronze Member
  • Total Posts : 44
  • Scores: 8
  • Reward points: 0
  • Joined: 2013/08/29 07:43:01
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/05/29 12:06:17 (permalink)
0
Very strange. This might be something you need to open a ticket about, so that someone on our support team can get a good look at your configuration. If you do open a ticket and get it solved, please let us know what happened hear, in case it's something that could use documenting.
 
Wish I could help more!

Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
#5
CBaezLe
New Member
  • Total Posts : 17
  • Scores: 2
  • Reward points: 0
  • Joined: 2015/01/21 04:17:12
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/05/29 14:36:48 (permalink)
0
waaalex
Hello all,
I've got a problem with Skype connection. Sometimes it works and sometimes skype can't connect without any clue..
 
On application control, i've granted acces to Skype
 
I've set a rule that use appsensor, and open a port.
 
 
But it change nothing. sometimes i can conenct slype but sometimes no..
 
Have you got an idea?
 
Regards,
Alexandre




Hi Waalex.
 
I managed to make it work following this post: 
https://forum.fortinet.com/FindPost/123947
 
I hope you can make it work. All the credits to gschmitt
#6
waaalex
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/05/22 03:31:25
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/06/01 00:23:04 (permalink)
0
SSL/SSH deep inspection was not enabled on my rule for skype.
I've enabled it and made manipulation to except skype but result is the same.
Skype does not connect every times...
On my rule, i don't see any packet pass by. 0KB/0KB.
 
How can i make a call with phone support to verify that?
Thank you very much for your help.
 
Regards. Alexandre
#7
vmartin_FTNT
Bronze Member
  • Total Posts : 44
  • Scores: 8
  • Reward points: 0
  • Joined: 2013/08/29 07:43:01
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/06/01 06:25:03 (permalink)
0
You can go to http://www.fortinet.com/support/contact_support.html to get the info for contacting the support team in your area.

Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
#8
fernandomn
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/04/30 11:55:44
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/06/03 06:45:46 (permalink)
0
Hi.
If you have enable ssl certificate inspection, enable inspect all ports. this option solved us the same issue.
thanks
#9
waaalex
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/05/22 03:31:25
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/06/04 00:57:07 (permalink) ☄ Helpfulby fernandomn 2015/06/26 06:06:50
0
Hello, thank you for answer but it change nothing.
It works for some users but not for some other.
In my IPv4 rule, 0 bytes are counted.
It drives me crazy ^^
 
Edit : I've disabled my rule and made change on certificate inspection for the rule HTTPS. It seems that skype pass by 443.
It works on all 4 test users.
I will test again for a week and let you know if it's ok :)
Thank you very much
post edited by waaalex - 2015/06/04 01:10:25
#10
mramon79
New Member
  • Total Posts : 11
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/10/30 04:44:05
  • Status: offline
Re: Skype connection issue (skype can't connect) 2015/09/10 01:26:20 (permalink)
0
Hi,
a have been testing for many weeks to try block /allow skype depends of our different user profiles and i can say Skype is such a pain in the neck.
I´m going to explain how i have configured the Fortigate to block/allow this application in 5.2.2 and 5.2.3 v, and it works ok.
You can access skype 3 ways:
1)specific application with skype user
2)specific application with hotmail  user
3)from outlook web interface
 
I use Fortigate as explicit web proxy and application control run before web filter(Fortigate documentation about traffic flow tells the opposite but this is only for fortigate in firewall mode).
 
If you want to allow it:
1) Application control, Categories P2P and Collaboration blocked and create an Application Overrides for Skype
2) In web filter Section-->Fortiguard Category "Internet Telephony" Allow and enable the following url filter:
        \.trouter\.io            Reg Expression      Enable
        .*skypeassets.com  Reg Expression    Enable
        skype.com               Simple              Enable
 
If you want to block the application only do the opposite.
 
I hope this may help you
 
Regards
 
 

Attached Image(s)

#11
Jump to:
© 2018 APG vNext Commercial Version 5.5