How to free skype?

How to free skype?

 

We have skype released for some user however skype accesses more does not send messages

  • In reply to Jason Macri:

    Hi, all

    I tried include many ips and networks of microsoft without success to do skype for business work fine.

    Monitoring the access I could see that the clients was trying to access somes URLs like *.office365.com, *.lync.com, sip.yourdomain.com, login.yourdomain.com

    So I included office365.com, lync.com and sip.yourdomain.com in "PROTECT" > "WEB" > "Exceptions" and with just this config, it works fine for me at the time.

    Cheers,

    Leo

     

  • In reply to MarekDalke:

    HI Marek , 

    It would seem that the issue is still pending . 

  • In reply to Aditya Patel:

    Does this also break Skype for Business from working?  We cannot get any external contact to be able to share our screen or send images.

  • In reply to Jason Macri:

    Jason Macri

    For testing we have added exceptions for the following:

    ^.*skype.com.*
    ^.*skype.net.*
    ^.*skypeassets.com.*

     

    Hi All,

    I recently had this issue with morning with being able to login to Skype after redirecting the clients to our XG, but not being able to receive or send and IM's. Skype would login ok, but I'd see a blue circle with spinning white arrows under my avatar.

    After getting nowhere looking through Skype forums, I directed my attention toward the XG and found this thread. After looking through the Skype forums I noted the following after entering /dumpmsnp in a chat window:

    /dumpmsnp
      MSNP: Connection Data (MSNP24):
     * Status: NetStateConnecting.Backoff
     * Server Current: s.gateway.messenger.live.com
     * Server Saved:   s.gateway.messenger.live.com
     * Login:  (Token) ** Waiting liveid **
     * Skypename: [<<REDACTED>>] [linked]
     * EPID: 1c227512-d597-8e5f-eded-d1e39269932d
     * ClientVersion: 0/7.32.0.104//
     * OSVersion: Windows 10.0  (build
     * Time: TZ: UTC+11, Server: 0, Local: 1487892068
     * Connection: IF: 0 DC: 3 RC: HTTPS
     * B:0 CS:[B:1 S:1] MO:yes CWB:1 Q:0[F:0 I:0] PMN:1
     * Recent connect: s.gateway.messenger.live.com @ 2017-02-23T23:16:04Z
     * Recent connect: s.gateway.messenger.live.com @ 2017-02-23T23:13:49Z
     * Recent connect: s.gateway.messenger.live.com @ 2017-02-23T22:59:13Z
     * Recent connect: s.gateway.messenger.live.com @ 2017-02-23T22:28:13Z
     * Recent connect: s.gateway.messenger.live.com @ 2017-02-23T22:24:44Z
     * Push: None (Unregistered)

    My skype login in particular is one that was joined / migrated from the MSN Messenger days, I don't know whether this is applicable to others as well.

    Anyway, I added the following exceptions to Web > Exceptions and ticked the 'HTTPS Decryption'

    ^.*skype.com.*
    ^.*skypeassets.com.*
    ^.*gateway.messenger.live.com*
     
    Skype is now working via the Sophos XG for myself and colleagues.
     
    Not sure if this will help anyone else, but so far today I've seen too many "Don't worry it's fixed now" answers without an actual solution so I'm hoping this helps someone, somewhere, eventually!
  • SOLUTION

     

    Providing workaround for the Skype VOIP issue as follows,

     


    1. Creating below FQDN list on XG

     

    tr001.skype-edf.akadns.net

     

    1.dr.skype-cr.akadns.net

     

    2.dr.skype-cr.akadns.net

     

    3.dr.skype-cr.akadns.net

     

    4.dr.skype-cr.akadns.net

     

    5.dr.skype-cr.akadns.net

     

    6.dr.skype-cr.akadns.net

     

     

     


    1. Creating new network/user rules prior to the one configured to decrypt HTTPS traffic. Adding above FQDN object as destination and make sure that you
      uncheck “Decrypt & Scan HTTPS”.

     


    1. Re-dial phone or video on Skype again.

     

     

     

    I have tried this workaround and it seems to be workable. If possible, please try again in your lab environment.

     

    Please do not use web exception to do this because Skype using IP address to connect to their server instead of hostname, and they make the connection through
    CDN. Hence, using IP address as the rule of bypass won’t work.

     

     

     

  • In reply to tejas dhotre:

    I have same issue that Skype (Personal on Windows 10 Desktop) that was working fine up to 16.02 stopped working after upgrade to 16.05.1 and 16.05.2

    I can not even login to Skype and found that login.live.com is not reachable - tried all suggested solutions listed here (FW rule, Web exceptions, HTTPS scan off, micro-apps off) - nothing. Nothing blocked in any logs - web log shows login.live.com allowed but 0 traffic. Works only if I bypass XG and connect PC to router.

    Updated - after whole day troubleshooting!

    I by chance decided to enable IPv6 on my LAN (Sky Q router supports IPv6) - setup the gateway, DNS, DHCP, FW rules, etc on XG.

    Skype still would not authenticate to login.live.com.  I thought that IPv6 did not need to use MASQ but tried it on gateway setting and IT WORKED ....... once, then when I tried again, NOTHING

    What am I doing wrong??  Is this a bug or what?

  • In reply to franky888:

    Thank you for /dumpmsnp - very handy. 

    I've found that for iOS Skype this would not be enough. What made it work is the following: 

    1. Allow "Skype Services" and "Torrent Clients P2P" (for some reason it is detected as one) through Application policy 
    2. Add the following into Web Filtering Exceptions and skip HTTPS decoding AND malware scanning

    ^([A-Za-z0-9.-]*\.)?microsoft\.com/
    ^([A-Za-z0-9.-]*\.)?skype\.com/
    ^([A-Za-z0-9.-]*\.)?trouter\.io\.?/
    ^login\.live\.com/
    ^rps\.trafficmanager\.net\.?/
    ^s\.gateway\.messenger\.live\.com/
    ^ssw\.live\.com/
     
    (note trouter.io and trafficmanager.net, all Microsoft domains)

    I succeeded making Video and Audio calls from and to iOS 10 device with these settings. This seems to be minimum necessary set.

  • In reply to MarekDalke:

    Beware - IP Host List gets truncated after 60 characters. Silently. Found out the hard way. 

    In fact if you try to create the IP Host via API it will fail due to the large size - and API documentation indeed states that the limit is 60 characters. However UI does not complain when you specify more and just silently truncates.  

  • Is this ever going to be resolved? no work arounds work and nothing has been released in the firmware updates since this post

  • In reply to Travis McCalgan:

    Are you referring to truncation of the input in IP Host boxes or Skype?

    If the latter - have you tried my suggestion as of 23 Mar 2017 1:21 AM ? Skype works fine for me ever since I did that.

  • In reply to saspus:

    For me the problem with Skype Personal seems to be resolved with the last 16.05.MR4 update.

  • In reply to NihadEmrovic:

    I am on that version, and its still happening. I will try factory restore and see, if not going back to Kerio