Let me try to summarize our conclusions so far about this Skype problem (correct me if I am wrong somewhere):
Since it is kind of P2P application it is impossible to identify and control it using firewall rules with static domains or IP address lists. Application control is the only choice.
Skype uses SSL for communication, so the traffic is intercepted with Web filtering policy working in Transparent mode.
Web proxy changes the original client IP with UTM public IP address, so Application control module doesn't see the client's IP address (this is the core of the problem).
If you put a client IP in transparent host skiplist, Application control works but then all client traffic is not controlled by Web filtering.
Let me try to summarize our conclusions so far about this Skype problem (correct me if I am wrong somewhere):
Since it is kind of P2P application it is impossible to identify and control it using firewall rules with static domains or IP address lists. Application control is the only choice.
Skype uses SSL for communication, so the traffic is intercepted with Web filtering policy working in Transparent mode.
Web proxy changes the original client IP with UTM public IP address, so Application control module doesn't see the client's IP address (this is the core of the problem).
If you put a client IP in transparent host skiplist, Application control works but then all client traffic is not controlled by Web filtering.
