Hello there. I'm wondering if anyone in the community here can help. Our company is in a regulated industry, and we're required to use an approved, compliant IM chat product. But we used to use Skype, which isn't compliant, and we still have some employees who have it installed. We'd like to be able to disable Skype access on the LAN. Would we be able to disable or block Skype on the LAN in our MX100 without also disabling our approved IM product (symphony.com)?
Also, we're a cloud-based company and don't have a client-server network with Windows Active Directory or Group Policies.
If you go Security Appliance > Configure > Firewall, under Layer 7 Firewall rules you can add a policy to deny VoIP & video conferencing. From there you can select Skype on the next drop down box.
Thanks for replying. I saw that entry for Skype in Layer 7 and tried it. It's in place now, but it looks like the only things it blocks/denies are Skype voice and video calls. Users are still able to log into Skype and text chat normally.
Wow, that's a great resource. I failed to specify that we were using the consumer version of Skype, instead of Skype for Business, and we do also use Office 365. I'm amazed by how many FQDNs and IPs the Skype service uses. I honestly expected a handful, but I've found lists of large IP blocks and subnets with hundreds of individual IPs that have changed over time.
Wow, that's a great resource. . . . . and we do also use Office 365. I'm amazed by how many FQDNs and IPs the Skype service uses. I honestly expected a handful, but I've found lists of large IP blocks and subnets with hundreds of individual IPs that have changed over time.
The good news is that MS publishes RSS feeds that update the IP addresses on a monthly basis. It should be pretty simple to automate updating ACLs, as RSS uses a convenient format (XML).
Hi, Uberseehandel. Thank you. The only thing about the Office365 RSS feeds is that I think they cover Skype for Business, which is a totally different product from the consumer version of Skype, which is the one we need to block. They're basically completely different products on the front and back end.
I had a look here and found some plain vanilla Skype info as well - https://support.office.com/en-gb/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-ab... - possibly some of these are used by your version?
Yeah but which ones?? That's the confusion. Msft's resources are all so disorganized and convoluted. I don't see a clear list of the FQDNs and IPs for Skype, which is baffling to me considering that it's a product with +70 million customers and a long history spanning more than a decade. The issue is that I'd end up trial and error-ing to ensure that I didn't also block a needed Office365 service.
These days, I use Bria mobile and Signal, and everybody has free VoIP numbers.
@chad ~ you may block the skype application thru layer 7 in mx100 but this is not a 100% working since it only working on gateway and for some reason maybe you can also raise it on meraki support so that they can update their database for layer 7 application specific for skype application since this application was updated each day.
Any update on this?
Currently have the same situation (wanting to block the Skype App, including the instant messaging, video call, voice call) using MX64.
However, I was still able to use Skype for IM, video call.