Technical Tip: Block file transfer in Skype while ...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 242579

Description

This article describes how to block file transfer in Skype while allowing chats/texts.

Scope

FortiGate version 7.2.

Solution

Create a new application profile. Depending on the business operation, it is possible to block all default FortiGuard categories or monitor/allow/quarantine the desired ones.

In Application and Filter overrides, create a filter to block 'Skype_File'. Transfer (it is required to use Deep Inspection in Firewall policy), a filter to allow all other Skype signatures, and SSL.

Create a firewall policy to allow traffic from LAN to WAN, with the above application profile and Deep inspection.
Test on the client side, it is possible to see the file cannot be transferred, however, the texts/chat still is processed normally.
Block results also show up in FortiGate -> Log&Report -> Application Control.

Note: in 1., if the SSL is not allowed, the Skype application will show blank when trying to log in like this:

2054

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Block file transfer in Skype while allowing chats/texts