Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
waaalex
New Contributor III

Skype connection issue (skype can't connect)

Hello all,

I've got a problem with Skype connection. Sometimes it works and sometimes skype can't connect without any clue..

 

On application control, i've granted acces to Skype

 

I've set a rule that use appsensor, and open a port.

 

 

But it change nothing. sometimes i can conenct slype but sometimes no..

 

Have you got an idea?

 

Regards,

Alexandre

2 Solutions
vmartin_FTNT
Staff
Staff

Are you using full SSL inspection (the deep-inspection profile). If you are, you may need to add an exemption, to make sure Skype traffic is not being inspected.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

View solution in original post

waaalex
New Contributor III

Hello, thank you for answer but it change nothing.

It works for some users but not for some other.

In my IPv4 rule, 0 bytes are counted.

It drives me crazy ^^

 

Edit : I've disabled my rule and made change on certificate inspection for the rule HTTPS. It seems that skype pass by 443.

It works on all 4 test users.

I will test again for a week and let you know if it's ok :)

Thank you very much

View solution in original post

10 REPLIES 10
vmartin_FTNT
Staff
Staff

Are you using full SSL inspection (the deep-inspection profile). If you are, you may need to add an exemption, to make sure Skype traffic is not being inspected.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

waaalex
New Contributor III

Hello,

Excuse me for late reply.

I don't if I use full SSL inspection.

How can i verify this?

It's a fortigate 100D with Forti OS 5.2.1.

Thank you for help.

waaalex
New Contributor III

I've verified, and Full SSL inspection is NOT activated.

Only SSL certificate inspection activated.

 

Edit : In my rule for skype, SSL inspection is set to none.

Also, we have 4 profiles for SSL/SSH inspection. Is a profile set by default when a rule have ssl inspection set to none?

waaalex
New Contributor III

SSL/SSH deep inspection was not enabled on my rule for skype.

I've enabled it and made manipulation to except skype but result is the same.

Skype does not connect every times...

On my rule, i don't see any packet pass by. 0KB/0KB.

 

How can i make a call with phone support to verify that?

Thank you very much for your help.

 

Regards. Alexandre

vmartin_FTNT
Staff
Staff

Very strange. This might be something you need to open a ticket about, so that someone on our support team can get a good look at your configuration. If you do open a ticket and get it solved, please let us know what happened hear, in case it's something that could use documenting.

 

Wish I could help more!

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

CBaezLe
New Contributor III

waaalex wrote:

Hello all,

I've got a problem with Skype connection. Sometimes it works and sometimes skype can't connect without any clue..

 

On application control, i've granted acces to Skype

 

I've set a rule that use appsensor, and open a port.

 

 

But it change nothing. sometimes i can conenct slype but sometimes no..

 

Have you got an idea?

 

Regards,

Alexandre

Hi Waalex.

 

I managed to make it work following this post: 

https://forum.fortinet.com/FindPost/123947

 

I hope you can make it work. All the credits to gschmitt

vmartin_FTNT
Staff
Staff

You can go to http://www.fortinet.com/support/contact_support.html to get the info for contacting the support team in your area.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

fernandomn
New Contributor

Hi.

If you have enable ssl certificate inspection, enable inspect all ports. this option solved us the same issue.

thanks

waaalex
New Contributor III

Hello, thank you for answer but it change nothing.

It works for some users but not for some other.

In my IPv4 rule, 0 bytes are counted.

It drives me crazy ^^

 

Edit : I've disabled my rule and made change on certificate inspection for the rule HTTPS. It seems that skype pass by 443.

It works on all 4 test users.

I will test again for a week and let you know if it's ok :)

Thank you very much

Labels
Top Kudoed Authors