Solved

Block Skype Fortigate version 4 MR1

Posted on 2010-08-25
5
5,975 Views
Last Modified: 2013-11-09
Hi,

I am trying to configure a Fortigate 110C to block Skype traffic from exiting the LAN. All attempts to use application control to block P2p/Skype and apply that to a firewall protection profile have failed. The OS is 4.0 MR 1 Patch 6.

0
Comment
Question by:dlg654
5 Comments
 
LVL 3

Expert Comment

by:sasi_kmr
ID: 33528530
check to which ips they get connected and block that ip.

0
 

Author Comment

by:dlg654
ID: 33528550
Alas that can change. I am looking for a more generic solution
0
 
LVL 3

Expert Comment

by:sasi_kmr
ID: 33528574
i easiest way to block is to block 80 port.

else change the port number to something else in all the skype installation.

which ever is easier.

thanks,
$a$i
0
 
LVL 4

Expert Comment

by:goyal_251
ID: 33528597
Block 5060 TCP and UDP port.it will block SIP port
0
 
LVL 4

Accepted Solution

by:
iworks-uworks earned 250 total points
ID: 33531875
Configure the application control to block skype. Assign it to the protection profile of the policy that you want to block.
You MUST clear all sessions of the policy before it will work. Disable and re-enable the firewall policy (make sure you won't be disconnecting yourself) OR restart the firewall. I tested on a Fortigate 80C 4.0 MR1 Patch 4 and confirmed it.
If that doesn't work let me know.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ISP 1000 - Netscreen 2 64
Hardening ScreenOS 8 118
l2tp tunnel from pc to router 14 94
ipsec tunnel comme not up 10 116
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Article by: Ahmedn1
Introduction Some developers today tend to use Skypekit in their applications to make it more interactive with the user. Skype API is very awesome indeed but the problem is it is only available in C++, Java and Python. I can't understand why Micr…
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question