Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Steven_Lengua
New Contributor

Allow Skype Out Through 600C

In Application Control > Application List I have Skype listed. At this point we need Skype to be allowed out. However when I go to edit this Application in the list, the Edit is grayed out. Even the delete is Grayed out. How can I edit so that Skype is allowed out? Probably a silly question, but I' m new to Fortinet. Checkpoint guy here. Thanks in advance.

CAlengua

CAlengua
8 REPLIES 8
jorge9090
New Contributor

Seems like you don' t have permissions on that account. Try login in with the admin account and try again.
Steven_Lengua

Are you able to edit applications in Security Profiles > Application List ? I attached a pic and you can see where the edit and delete are grayed out.

CAlengua

CAlengua
Fullmoon

Im not sure we are allowed to edit Application Lit, if you want to allowed Skype then you should use Application Sensor. See the attached file for your reference. Once done apply that Application Profile to the desired policy most likely from Internal-->External Interface.

Fortigate Newbie

Fortigate Newbie
ede_pfau
Esteemed Contributor III

The Application List is just that, the list of application (detection patterns) that is current from FortiGuard. This is by it' s very nature neither editable nor deleteable (I hope these adjective exist...). You use one or more application signatures in Application Sensors. You can enter one or several applications or even application categories into a sensor, and then specify this sensor to be used in a policy. Example: I suppress peer-to-peer apps by default. So, I create a new App sensor and add the ' P2P' category. Unfortunately, Skype belongs to this category but needs to be allowed often. So, I add another entry ABOVE the P2P category, with just ' Skype' as a single application. ' Skype' is allowed, the ' P2P' category is set to be blocked. Then this sensor is specified in the ' internal' -> ' wan' policy.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Steven_Lengua
New Contributor

Awesome! Thanks! I think I may have done it in a roundabout way but the results were positive. Below is how I configured it based on what you all told me. It' s working but not sure if this is the most efficient way to allow this.

CAlengua

CAlengua
neonbit
Valued Contributor

^ That' s how I always configure my FortiGates if customers want to allow Skype and block P2P :)
ede_pfau
Esteemed Contributor III

Ya, perfectly!

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
3pointD
New Contributor

I used this method as well while back when I came up against it but what if I don' t want to monitor Skype and have it filling up my App Control log with entries? I can' t see any way to do this... Any thoughts?
Labels
Top Kudoed Authors