This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Skype (Consumer) behind UTM 9

Hello forum community!
 
We are running a UTM 9, which among other things provides a proxy in standard mode with AD-SSO for all clients. Works wonderfully.
 
Now Skype should be possible on SINGLE PCs. Without further configuration on the UTM I can establish a "chat connection", but as soon as I add sound and/or picture,
the connection is terminated after a few seconds. Skype reports that the connection is too weak.
 
With Google's help I found a template for an exception in the UTM (Web-Protection - Filtering Options) and created it.
The exception contains a long list of IP addresses in RegEx format and excludes all checks (Antivirus, Content, HTTPS, etc.) for these IP's.
Additionally I had allowed everything Skype has in its name in the application control.
 
Unfortunately this does not change the behaviour of Skype on the client.
 
The only way I found so far is to open (only) port 443 to the outside in the firewall (Network Protection) for the clients that should use Skype.
 
Although these clients will continue to browse, I assume, through the proxy, because it is stored in the browser settings, so for now it's only Skype over port 443 directly over IP to the outside, but I'm not really comfortable with that.
 
How did you solve this for you?
 
Thanks a lot in advance!
 
TJ
 
[Translated with www.DeepL.com/Translator (free version)]


This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi  

    Could you please check if you have Anti-DoS/Flooding protection configured for UDP? 

    Navigate to Network Protection > Intrusion Prevention > Anti-D0S/Flooding > UDP Flood Protection. 

    Thanks,

  • Dear,

    thank you!

    Yes, it´s active. Mode: "Source and Destination Adresses"


    TJ

  • Hallo TJ,

    If there's anything in the Intrusion Prevention log related to this, show us a line.  Same for the Web Filtering log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi!

    Of course we can investigate this in depth. 

    But I thought it would be easier, because I think I´m not the first with this Use-Case, that somebody tells me how to configure Skype
    with a UTM as Proxy OR that somebody tells me, that the only way to get this working is really to make a Firewall-Rule, like I did...

    THX!

    TJ

  • Possible the web proxy is causing issues?  Do you have https scanning enabled?  Easiest to just turn the web proxy off entirely to test.  If it works, then you can turn it back on but make an exception for skype.  I had to do that to make zoom work.

  • OF COURSE, I think, the Proxy is causing the issue. And yes, I have https-Scanning active.
    ...but also defined an exception...

    When, as mentioned, opening Port 443 in Firewall for "Skype-PCs" and so bypassing the UTM-Proxy, everything seems to work.

    Could it be the Case that Skype is simply not working with Sophos UTM as Proxy in Standard-Mode?
    Can somebody confirm that? Or the opposite?

    THANK YOU!

    TJ

Reply
  • OF COURSE, I think, the Proxy is causing the issue. And yes, I have https-Scanning active.
    ...but also defined an exception...

    When, as mentioned, opening Port 443 in Firewall for "Skype-PCs" and so bypassing the UTM-Proxy, everything seems to work.

    Could it be the Case that Skype is simply not working with Sophos UTM as Proxy in Standard-Mode?
    Can somebody confirm that? Or the opposite?

    THANK YOU!

    TJ

Children