Skip to main content
waaalex
waaalex
New Member
May 26, 2015
Solved

Skype connection issue (skype can't connect)

  • May 26, 2015
  • 7 replies
  • 30489 views

Hello all,

I've got a problem with Skype connection. Sometimes it works and sometimes skype can't connect without any clue..

 

On application control, i've granted acces to Skype

 

I've set a rule that use appsensor, and open a port.

 

 

But it change nothing. sometimes i can conenct slype but sometimes no..

 

Have you got an idea?

 

Regards,

Alexandre

    Best answer by waaalex

    Hello, thank you for answer but it change nothing.

    It works for some users but not for some other.

    In my IPv4 rule, 0 bytes are counted.

    It drives me crazy ^^

     

    Edit : I've disabled my rule and made change on certificate inspection for the rule HTTPS. It seems that skype pass by 443.

    It works on all 4 test users.

    I will test again for a week and let you know if it's ok :)

    Thank you very much

    7 replies

    vmartin_FTNT
    Staff
    vmartin_FTNT
    Staff
    May 26, 2015

    Are you using full SSL inspection (the deep-inspection profile). If you are, you may need to add an exemption, to make sure Skype traffic is not being inspected.

    waaalex
    waaalexAuthor
    New Member
    May 28, 2015

    Hello,

    Excuse me for late reply.

    I don't if I use full SSL inspection.

    How can i verify this?

    It's a fortigate 100D with Forti OS 5.2.1.

    Thank you for help.

    waaalex
    waaalexAuthor
    New Member
    May 29, 2015

    I've verified, and Full SSL inspection is NOT activated.

    Only SSL certificate inspection activated.

     

    Edit : In my rule for skype, SSL inspection is set to none.

    Also, we have 4 profiles for SSL/SSH inspection. Is a profile set by default when a rule have ssl inspection set to none?

    waaalex
    waaalexAuthor
    New Member
    June 1, 2015

    SSL/SSH deep inspection was not enabled on my rule for skype.

    I've enabled it and made manipulation to except skype but result is the same.

    Skype does not connect every times...

    On my rule, i don't see any packet pass by. 0KB/0KB.

     

    How can i make a call with phone support to verify that?

    Thank you very much for your help.

     

    Regards. Alexandre

    vmartin_FTNT
    Staff
    vmartin_FTNT
    Staff
    May 29, 2015

    Very strange. This might be something you need to open a ticket about, so that someone on our support team can get a good look at your configuration. If you do open a ticket and get it solved, please let us know what happened hear, in case it's something that could use documenting.

     

    Wish I could help more!

    CBaezLe
    CBaezLe
    New Member
    May 29, 2015

    waaalex wrote:

    Hello all,

    I've got a problem with Skype connection. Sometimes it works and sometimes skype can't connect without any clue..

     

    On application control, i've granted acces to Skype

     

    I've set a rule that use appsensor, and open a port.

     

     

    But it change nothing. sometimes i can conenct slype but sometimes no..

     

    Have you got an idea?

     

    Regards,

    Alexandre

    Hi Waalex.

     

    I managed to make it work following this post: 

    https://forum.fortinet.com/FindPost/123947

     

    I hope you can make it work. All the credits to gschmitt

    vmartin_FTNT
    Staff
    vmartin_FTNT
    Staff
    June 1, 2015

    You can go to http://www.fortinet.com/support/contact_support.html to get the info for contacting the support team in your area.

    fernandomn
    fernandomn
    New Member
    June 3, 2015

    Hi.

    If you have enable ssl certificate inspection, enable inspect all ports. this option solved us the same issue.

    thanks

    waaalex
    waaalexAuthorAnswer
    New Member
    June 4, 2015

    Hello, thank you for answer but it change nothing.

    It works for some users but not for some other.

    In my IPv4 rule, 0 bytes are counted.

    It drives me crazy ^^

     

    Edit : I've disabled my rule and made change on certificate inspection for the rule HTTPS. It seems that skype pass by 443.

    It works on all 4 test users.

    I will test again for a week and let you know if it's ok :)

    Thank you very much

    mramon79
    mramon79
    New Member
    September 10, 2015

    Hi,

    a have been testing for many weeks to try block /allow skype depends of our different user profiles and i can say Skype is such a pain in the neck.

    I´m going to explain how i have configured the Fortigate to block/allow this application in 5.2.2 and 5.2.3 v, and it works ok.

    You can access skype 3 ways:

    1)specific application with skype user

    2)specific application with hotmail  user

    3)from outlook web interface

     

    I use Fortigate as explicit web proxy and application control run before web filter(Fortigate documentation about traffic flow tells the opposite but this is only for fortigate in firewall mode).

     

    If you want to allow it:

    1) Application control, Categories P2P and Collaboration blocked and create an Application Overrides for Skype

    2) In web filter Section-->Fortiguard Category "Internet Telephony" Allow and enable the following url filter:

            \.trouter\.io            Reg Expression      Enable

            .*skypeassets.com  Reg Expression    Enable

            skype.com               Simple              Enable

     

    If you want to block the application only do the opposite.

     

    I hope this may help you

     

    Regards

     

     

    Terms & ConditionsAccessibility statement