Technical Tip: Block file transfer in Skype while allowing chats/texts

1. Create a new application profile. Depending on the business operation, it is possible to block all default FortiGuard categories or monitor/allow/quarantine the desired ones.

In Application and Filter overrides, create a filter to block 'Skype_File'. Transfer (it is required to use Deep Inspection in Firewall policy), a filter to allow all other Skype signatures, and SSL. 

2. Create a firewall policy to allow traffic from LAN to WAN, with the above application profile and Deep inspection.

    

   

    

    

3. Test on the client side, it is possible to see the file cannot be transferred, however, the texts/chat still is processed normally.

    

   

    

    

4. Block results also show up in FortiGate -> Log&Report -> Application Control.

    

   

    

   Note: in 1., if the SSL is not allowed, the Skype application will show blank when trying to log in like this: