How to filter Skype application?

Question

Hello,

We use two FortiGate 3700D (HA cluster) running FortiOS v5.2.3 build670 (GA), managed from FortiManager v5.2.2-build0706 150415.

We'd like to allow Skype audio and video communications, but block other services as files transfer and apps sharing (share a desktop or application screen).

We plan to create a new Application Sensor to filter Skype.

Inside Fortiguard, and Application Filter, there are Skype and Lync Application Filter.

If I don't make a mistake, Microsoft merge Lync and Skype.

Thus, could we filter Skype via Microsoft.Lync_* Application Filter?

Do you know if Lync is now Skype for business only, and not "generic" Skype?

If yes, we should block "Skype" Application Filter, force our users to use Skype for business (formely Lync), and filter these communications via Microsoft.Lync_* Application Filter?

Block: Skype (and/or Skype_Communication), Microsoft.Lync_Apps.Sharing, Microsoft.Lync_File.Transfer

Monitor: Microsoft.Lync_Audio, Microsoft.Lync_Video

What is your opinion on that?

Regards,

Chris

Gianluca_Caldi · Answer

Hi, we use both Skype and SkypeForBusiness (formerly Lync) in our company. The two products are different meaning that they use a different set of ports. Moreover SkypeforBusinss ports can be customized (and this is good as far as the standard implementation use a common port range for several services). You have to set application filterss and rules separately for each software and, probably, to customize S4B ports in order to block/allow single services. We spent almost a day analyzing and fixing this (mainly to apply QoS and traffic shapers to different service).

Bye

Gianluca

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded