I have been searching this forum and the net about ISA2006 and Skype. Most of the posts is how to block it, while I would like to make sure not only to allow it, but provide best user experience. I have about 50 users using Skype on daily basis to contact with our clients via Skype<->Skype voice calls. I got problems with poor sound quality. I know I got about 3 megabits of bandwidth left as I can see in the live view of Bandwidth Splitter. The other problem is that outside clients can see my users online but are unable to chat to them, or the chat is comming with 2-3 hours delay. I have asked my users to setup Skype incoming port for connections to reflect their IP, i.e someone who has IP address of 10.10.10.150 sets this port to 40150. Then I published port 40150 to be forwarded to 10.10.10.150. I did that for all of my users respectively. However that doesn't help. I also tried setting up proxy in Skype and even enabled SocksProxy on ISA and configured it within Skype, still no luck. I'm not using FWC as some of my users use linux. Ports 80, and 443 are also opened for outbound traffic. I know this sounds crazy but Skype is a business critical application for most of developer teams in my company. I appreciate any suggestions that could resolve my issue.
Thanks for your answer Tarek. I'm testing now the method I used for other financial app which opened many ports to different locations. I'm running it with other user's context. This user is allowed externally on all ports and it seems that it is working fine for Skype too :)
From: Amazon, Brazil
Iīm having the same problem as you. But I donīt think thatīs a good idea to open all your outbound ports, onde all your users uses Skype for communication. This is strongly not recommended. Iīm still try to find a better solution for this. I want to know how is your experience, did you open the all range? Have you found another solution.
thanks for your reply. Keep in mind I did not open all outbound connections for all users. What I did I opened all outboud connections to one 'skypefirewall' domain account. Then used AutoIT and built exe file which invokes Skype using runas command to start Skype in context of this skypefirewall user. This way all communication is still controlled by ISA rules, however Skype.exe has rights to establish connections on all ports. From my experience this resolved my issues. However this workaround has three flaws: - cannot be used if a workstations is out of domain, as there is no way to runas Skype, - even if workstation is in the domain but works on local account then the solution blocks all traffic, as there is no authentication in ISA FWC, - cannot be used by linux users, which unfortunately I have in my environment.