Thread Info
  • Locked Locked
  • Replies 14 replies
  • Subscribers 7 subscribers
  • Views 47702 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cyberoam UTM : Skype Application & login.live.com domain unable to connect with Allow All Web filter policy in 10.6.6 GA

Gowtham Mani

Reported issue regarding unable to connect to Skype and login into login.live.com with web filter set as ALLOW ALL after upgraded in 10.6.6 firmware has a fix. Find the below mentioned workaround and the fix details.

Workaround : As a workaround, Create FQDN based firewall rule on TOP with below domains with web filter policy as None.

For login.live.com

1) login.live.com

For Skype

1) login.live.com

2) account.live.com

3) msg.skype.com

4) ui.skype.com

5) apps.skype.com 

A fix is available for the reported issue, you may contact the Sophos Support for the fix.



This thread was automatically locked due to age.
  • in reply to Simon Godefroy

    Also had some problems with authentication aan SSL connections. Revert also back to 10.6.5 MR-1 and problem are gone.

  • This is causing problems accessing OWA on Exchange 2010 as well as other custom websites that require authentication.

    We have rolled back all our clients to 10.6.5 MR-1 to avoid this problem.

    Hopefully it is resolved soon.

    Will the fix be made publically available (or incorporated into a later firmware)?

    Also, I haven't been able to find any release notes for 10.6.6 - does anyone have a link?

  • Do not upgrade to 10.6.6

     

    Also...

    SSL VPN connections are failing.
    External ports for the user portal may be inaccessible.

     

     

    [:@]

  • Hello  ,

     

    Thanks for your article, I would like to highlight the adverse effect for FQDN firewall rules. Majority of the above domains are pointing to content sharing server Akamai. Akamai share the same IP with many other domain then live.com and Skype.com.

    Due to the same IP share by other website, the above FQDN firewall rule may allow other traffic which may include web category like finance, software update, video streaming , image bank etc.

     

    I will highly recommend to contact support and get the patch applied.

     

    Good Luck!!!

    Regards, Ronak.

Unfiltered HTML