Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chrbar
New Contributor

How to filter Skype application?

Hello,

 

We use two FortiGate 3700D (HA cluster) running FortiOS v5.2.3 build670 (GA), managed from FortiManager v5.2.2-build0706 150415.

We'd like to allow Skype audio and video communications, but block other services as files transfer and apps sharing (share a desktop or application screen).

We plan to create a new Application Sensor to filter Skype.

 

Inside Fortiguard, and Application Filter, there are Skype and Lync Application Filter.

If I don't make a mistake, Microsoft merge Lync and Skype.

Thus, could we filter Skype via Microsoft.Lync_* Application Filter?

 

Do you know if Lync is now Skype for business only, and not "generic" Skype?

If yes, we should block "Skype" Application Filter, force our users to use Skype for business (formely Lync), and filter these communications via Microsoft.Lync_* Application Filter?

 

Block: Skype (and/or Skype_Communication), Microsoft.Lync_Apps.Sharing, Microsoft.Lync_File.Transfer

Monitor: Microsoft.Lync_Audio, Microsoft.Lync_Video

 

What is your opinion on that?

 

Regards,

Chris

 

2 REPLIES 2
Gianluca_Caldi
New Contributor

Hi, we use both Skype and SkypeForBusiness (formerly Lync) in our company. The two products are different meaning that they use a different set of ports. Moreover SkypeforBusinss ports can be customized (and this is good as far as the standard implementation use a common port range for several services). You have to set application filterss and rules separately for each software and, probably, to customize S4B ports in order to block/allow single services. We spent almost a day analyzing and fixing this (mainly to apply QoS and traffic shapers to different service).

Bye

Gianluca

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

FGT: 50E,100D, 200D, 600DFMG: VM64 FAZ: VM64
MikePruett

Gianluca is correct. It shows as lync/skype for business. Best practice in my personal opinion would be to standardize the ports and apply accordingly.

 

General skype is just desktop skype for regular users.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Top Kudoed Authors