Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 40941 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos web appliance and Skype

Sarah77

Hi there everyone.

I'm trying to use Skype in my organisation through the Sophos web appliance but I'm not having much luck.

Sophos are telling me that they "do not support proxying Skype through the Sophos Web Appliance". Skype can't give me a list of https websites or IP addresses to add the the scanning exemption list.

Has anyone else managed this because I need to get this working. I can't just bypass the proxy server for Skype, what's the point of having a proxy server if you do that !!!

Surely someone else has had this issue??? Help please.

Thanks

Sarah

:29627


This thread was automatically locked due to age.
Parents
  • 0

    Problems with Skype usually occur when HTTPS scanning is enabled.  The problem is that the traffic that Skype sends over port 443 (or via the proxy on port 8080) is not actually HTTPS traffic.  It's Skypes' own protocol for doing voip, im, file transfer etc...

    Because it isn't proper HTTPS the Web Appliance can't decrypt this traffic, scan it, and put it back together.  

    Because the appliance can't scan this traffic there is actually little benefit in sending it through the proxy.  I'd recommend to allow the traffic directly out through your firewall.  For those in bridged/transparent mode you may need to stop Skype using port 80/443:   https://support.skype.com/en-gb/faq/FA148/which-ports-need-to-be-open-to-use-skype-for-windows

    Smasshed - I'm afraid the WA can't be used as a SOCKS proxy.  But, there shouldn't be a problem with HTTPS scanning off.  Do you know what mode you are using (bridged/transparent/explicit)?

    Thanks,

    Tom.

    :32989
Reply
  • 0

    Problems with Skype usually occur when HTTPS scanning is enabled.  The problem is that the traffic that Skype sends over port 443 (or via the proxy on port 8080) is not actually HTTPS traffic.  It's Skypes' own protocol for doing voip, im, file transfer etc...

    Because it isn't proper HTTPS the Web Appliance can't decrypt this traffic, scan it, and put it back together.  

    Because the appliance can't scan this traffic there is actually little benefit in sending it through the proxy.  I'd recommend to allow the traffic directly out through your firewall.  For those in bridged/transparent mode you may need to stop Skype using port 80/443:   https://support.skype.com/en-gb/faq/FA148/which-ports-need-to-be-open-to-use-skype-for-windows

    Smasshed - I'm afraid the WA can't be used as a SOCKS proxy.  But, there shouldn't be a problem with HTTPS scanning off.  Do you know what mode you are using (bridged/transparent/explicit)?

    Thanks,

    Tom.

    :32989
Children
No Data
Unfiltered HTML