"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
We'd love to hear about it! Click here to go to the product suggestion community
How to free skype?
We have skype released for some user however skype accesses more does not send messages
I think you are trying to allow access to Skype, check which FW-rule blocks the skype connection. Verify the application filter configured within the rule and allow the Skype signature. You can try packet capture option in XG to learn the FW rule ID.
In reply to sachingurung:
We have skype working for logging in and sending messages but are unable to make / receive skype calls while using ssl decrypt and cannot find a way to exclude it from ssl decryption. Is there a way we can make a rule to exlcude the skype application from ssl decryption?
If we manually add some IPs that skype is using it will work but skype changes to a lot of IPs so this is not a viable solution. We've tried capturing the required domain names and excluding these but haven't had any success.
In reply to Jason Macri:
In the HTTPS Scanning exceptions could you add these URLS mentioned below.
api.skype.com Businessapps.skype.com Businesscommunity.skype.comdownload.skype.comlogin.skype.compipe.skype.comsecure.skype.comwww.skype.comwww.skypeassets.com
Also allow access to these subnets:
In reply to Aditya Patel:
For testing we have added exceptions for the following:
Check #1 in my guide here. Try to make a call and check if you capture any drops.
Could you inform me which Skype are you using. Skype for Business or Personal
This is Skype Personal - I can see that the Sophos XG can categorize the skype application but there doesn't seem to be a way to use that classification with an exception for SSL decryption.
Let me simulate the same from my end and Shall get back to you .
I've got a similar issue: skype messenger works and also incoming calls are working but we cannot call. I have a firewall rule the allows http and https protocols, the app filter allows skype signature and the SSL scanning has exceptions for the domains mentioned above. It seems though the skype tries using random UDP port (which are blocked by the default rule that blocks all)
I don't find safe to open all UDP ports just to allow skype calls.
Here the same issue. As soon I disable "Decrypt & Scan HTTPS" on my FW rule Skype can make calls.
I have tried configuring different exeptions for HTTPS Scans without success.
In reply to NihadEmrovic:
Exception not working.
In reply to ErickSOULAGES:
I'm having the same problem, how why allow the Skype on Sophos XG 16.05?
In reply to Edson Siqueira:
We have a Known issue with Skype at the moment and the BUG ID NC-14551, In the mean time we have a Work Around , kindly follow the steps
Step1: Go to Web > Exceptions > Add Exceptions
Step 2 : Select Web Site Categories > Add new item >IP address
Step 3: Check on HTTPS Decryption and save .
Make sure the rule is enabled.
I try your workaround in the exception, but not fix the issue.
Just unchek "Decrypt https" in the general rule fix the isssue.
My UTM is XG230 (SFOS 16.01.1)
I found a solution to this issue:
Go to "Application" > "Application Fliter" > take a look of the "Filters" on this tab and edit all to see wich one have the "Skype" and "uncheck them.
In my case this works fine, but I had to open all "Filters" to found and disable the block of skype.
If any one have another solution, please send to us.