Re: Not able to allow skype

2 week ago I saw in the monitoring that it's trying to go over port 33033.
I've opened this port and skype worked but since last week it doesn't work
anymore. Sometimes you are able to sign in to skype but not to call. I've
read a lot of articles that skype goes through almost every firewall, it
finds it's way, but not through isa2004 (and guess what, now there is a
company policy to allow it).

I don't want to configure manually the proxy, it's now via wpad (dhcp) and
automatically detect settings in IE (via gpo), because e.g. our laptop users
will have trouble then connecting from home with a proxy filled in.

Can it be something to do with the webproxy filter which is on for http
traffic rule?

Thx


"Phillip Windell" <@.> wrote in message
news:exjKovr0GHA.328@xxxxxxxxxxxxxxxxxxxxxxx
Make sure you have the latest version of Skype. From the link you gave,
here it the section that describes what you want:

--------------------
If the above is not possible, Skype versions 0.97 or later can use a
HTTPS/SSL proxy. In order to do that, you have to configure the proxy
address in Internet Explorer options. Then Skype will be able to use it as
well.
---------------------

The rest of their options are just insane. Whoever wrote that thing
seemed to be trying to make the product as horribly insecure as they could
possibly make it on purpose, or they were just incompetent.

ISA expects traffic to destination port 80 to be HTTP (to my knowledge)
ISA restricts SSL traffic (HTTPS) to 443 and only 443
Skype requesting outbound access for all ports from 1 to 655355 be allowed
is just so silly that doesn't even deserver a response.
They don't even tell you the IP#s of their Target Servers,...they expect
the Rules that allow it to be for the whole External Network.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------

"Nik" <nik_meeus@xxxxxxxxxxx> wrote in message
news:%23azdclr0GHA.4796@xxxxxxxxxxxxxxxxxxxxxxx
Setup: ISA2004 Edge firewall SP2 running on Win2003 server
Client: Web Proxy (wpad via dhcp - IE on automatically detect settings)

A rule is created from internal to external http-https for the group
"isa_access_internet" Users which are in this group are able to surf the
Internet.

It seems that the port http and https isn't enough, but it shoud work
regarding the following doc
http://www.skype.com/help/guides/firewall.html






.

Relevant Pages

  • Re: HTTPS Using Web Proxy
    ... The ISA log displays the following on the error. ... HTTP Method = ... I created a HTPPS 444 protocol set to TCP port 444 and assigned it to my ... At first I was getting a error code: 502 Proxy Error and fixed that by ...
    (microsoft.public.isa)
  • Re: [Full-disclosure] [inbox] Re: [ Capture Skype trafic ]
    ... conforming HTTP to travel along on port 80. ... you can't be a moron and have every other port under the sun open ... When Skype uses port 80, the protocol used is still Skype's ... if the SSL controls are installed these packets ...
    (Full-Disclosure)
  • Re: Access SSH server via HTTP proxy
    ... I have learned that you can access ssh server via http proxy. ... So I wonder if I change my SSH server port to 8080 for example, ...
    (comp.security.ssh)
  • Re: External IP address
    ... one attached to the NAT gateway. ... any) but will instead get you an ip given by your HTTP proxy -- ... My ISP decided to install a transparent proxy one day without telling ... querying via an alternate port which should solve the problem. ...
    (comp.lang.tcl)
  • RE: ServicePointManager does not support proxies of HTTPS scheme
    ... I think the term proxy is what is adding some confusion. ... There is an HTTP ... proxy server somewhere in your environment that is saying it will not pass ... the browser typically switches to port 443. ...
    (microsoft.public.dotnet.framework.webservices)