Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Allow Skype Out Through 600C
In Application Control > Application List I have Skype listed. At this point we need Skype to be allowed out. However when I go to edit this Application in the list, the Edit is grayed out. Even the delete is Grayed out. How can I edit so that Skype is allowed out? Probably a silly question, but I' m new to Fortinet. Checkpoint guy here.
Thanks in advance.
CAlengua
CAlengua
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems like you don' t have permissions on that account. Try login in with the admin account and try again.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you able to edit applications in Security Profiles > Application List ? I attached a pic and you can see where the edit and delete are grayed out.
CAlengua
CAlengua
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Im not sure we are allowed to edit Application Lit, if you want to allowed Skype then you should use Application Sensor. See the attached file for your reference.
Once done apply that Application Profile to the desired policy most likely from Internal-->External Interface.
Fortigate Newbie
Fortigate Newbie
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Application List is just that, the list of application (detection patterns) that is current from FortiGuard. This is by it' s very nature neither editable nor deleteable (I hope these adjective exist...).
You use one or more application signatures in Application Sensors. You can enter one or several applications or even application categories into a sensor, and then specify this sensor to be used in a policy.
Example: I suppress peer-to-peer apps by default. So, I create a new App sensor and add the ' P2P' category. Unfortunately, Skype belongs to this category but needs to be allowed often. So, I add another entry ABOVE the P2P category, with just ' Skype' as a single application. ' Skype' is allowed, the ' P2P' category is set to be blocked.
Then this sensor is specified in the ' internal' -> ' wan' policy.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Awesome! Thanks!
I think I may have done it in a roundabout way but the results were positive. Below is how I configured it based on what you all told me. It' s working but not sure if this is the most efficient way to allow this.
CAlengua
CAlengua
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
^ That' s how I always configure my FortiGates if customers want to allow Skype and block P2P :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ya, perfectly!
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I used this method as well while back when I came up against it but what if I don' t want to monitor Skype and have it filling up my App Control log with entries? I can' t see any way to do this...
Any thoughts?