Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
billp
Contributor

Anyone using Skype with FortiOS 5.0.x?

Is anyone using Skype apps on Windows or OS X successfully in FortiOS 5.0.x? If so, would you be willing to post: 1. FortiOS version? 2. Whether or not you activated an SSL/SSH Inspection policy on the Skype traffic for port 443? I am finding that enabling SSL/SSH inspection on Skype traffic prevents Skype from logging in reliably. Thanks. P.S. I asked a similar question earlier, so please excuse the extra post here -- no one responded to earlier posting.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
4 REPLIES 4
vanc
New Contributor

I'm using FortiOS 5.2 on 100D. With all flow based security profiles (AV, IPS, AppCtrl, WF), and SSL deep inspection enabled, I could use Skype 7.2 on Mac OS 10.9 (Mavericks). The Skype Home feature doesn't work. But I could log in and chat.

DirtyBlueshirt
New Contributor II

We had this issue locally. We finally narrowed it down to two /24 subnets in Europe that Skype uses for login. We're using FortiOS 5.0.9/5.0.10

 

We created a rule to allow HTTP/HTTPS to the following two subnets without SSL filtering:

 

91.190.216.0/24

91.190.218.0/24

 

Both subnets are confirmed owned by Skype/Microsoft.

 

As soon as we created a rule to these destinations, the login issues disappeared completely.

 

Hope this helps!

--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
--- Aaron Slater Security Analyst, Network Engineer, Part-Time Everything Else
ralphian08
New Contributor

@BlueDirtyshirt

 

I have same issue and we are using Fortigate 100D 5.0 ver.

How do you create rule for those two IP Address skype you've mention?.

Could you provide step by step how to to this.

sorry im not familiar with fortigate firewall.

emnoc
Esteemed Contributor III

Yes running  it on  5.0.8 and  previously 5.2.3 and now 5.2.3. Also have a few older device running 4MR3-18. No SSL inspection profile and I set a TS to guarantee  bw.

 

We have hundreds of persons using skype for day in and out communications which all works fine and correctly.

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors