This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Skype for Business and Intrusion Prevention

Hi everyone,

we are using Skype for Business for internal and external communication and migrated to the cloud recently.
We had performance problems with our systems on premise and hoped that they will go away ;)

But "showing the screen" is still having performance problems or even stops.

I now will block the traffic between VPN Users completely (a tip from a MVP) and already created some exclusions for the Microsoft IPs.

But in the intrusion prevention log are still entries that might block traffic. I don't know how to create an exclusion here. I would have to specify a "source address" because the destination is from 1024-65535. This seems to be impossible

2019:06:28-10:15:52 firewall ulogd[38311]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth0" srcmac="b4:de:xx:yy:zz" dstmac="00:1a:8c:xx:yy:zz" srcip="customer IP" dstip="our internet ip" proto="17" length="1476" tos="0x00" prec="0x00" ttl="56" srcport="4500" dstport="58029"

How can i create an exclusion for a block like this? It is always the source address 4500

Best regards

Stephan

 



This thread was automatically locked due to age.
Parents
  • Hallo Stephan,

    That looks more like there's an issue with an IPsec tunnel instead of an issue with Skype.  That's a an IPsec NAT-T response from your customer's device.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hallo Stephan,

    That looks more like there's an issue with an IPsec tunnel instead of an issue with Skype.  That's a an IPsec NAT-T response from your customer's device.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data