Hi, I have an FGT200 and need to block file trasnfer via Skype. I cant block skype at all, because We use skype to talk with an externals providers. I just need to block send and receive files using skype. Is it possible?
Application Control contains two Application Sensors for Skype: one appears to cover the actual peer-to-peer stuff and the other one is listed as " Skype.Communication" . You could try creating an app sensor that blocks one and another app sensor that allows the other. Whether this will work the way you want it I do not know.
Skype is very evasive. I allow Skype in my environment, but disallow all other IM and P2P. The logs frequently show Skype traffic that is being blocked because it' s being classified as other applications that I have blocked. But Skype always works anyway. If Skype can' t find it' s normal ways out, it will use port 443 SSL only to get out.
I don' t use deep-packet SSL inspection in my environment; using that may improve your chances at successfully controlling Skype.
A little late to this, but I have the answer for blocking File Transfers in Skype. Unfortunately it' s a registry key that needs to be added, and not a FortiGate setting.
Here' s the administrator' s guide, it works with the most recent 6.1 release as well (Appendix 1 has the configurable policies). So in example, to block file transfers, you will need to add this registry key:
HKEY_CURRENT_USER\Software\Policies\Skype\Phone, DisableFileTransfer, REG_DWORD = 1
You will likely have to add the Skype\Phone hive, so it' s best to do this via GPO or a .reg file.
...And I can' t find any mention on doing a similar function on Macs, sorry.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.