According to this: http://www.skype.com/help/guides/firewalls/technical.html If you don't want to swiss cheese the firewall, you can try to create a rule allowing HTTPS (TCP port 443) for the Skype machine, and add this machine to the source exceptions of the HTTPS inspection, as the HTTPS inspection should normally "break" Skype communications over TCP port 443 due to the nature of Skype's traffic (unless they upgrade Skype or so). I know this does not sound nice, but this comes to my mind right now...
Did anyone have any success with this? I have also been looking into getting Skype to work with TMG, but as the destination is unknown for Skype due to the P2P nature of it, I can't see how to create an exception rule.
It worked for me in a little bit brutal way today (as I needed access quickly):
- unbind the web proxy filter from the HTTPS protocol (to "correct" the pre-connect behavior). A sort of a forced HTTPS "direct access".
- configure my Skype machine as SecureNAT client.
- added my machine to the source exclusions of the HTTPS inspection.
If you can detail that rule allowing outgoing traffic, if you have a working configuration, I'm sure the OP will be more than thankful to you. I rarely use Skype; for my personal needs it kinda worked like above (very insecure way of doing it...).
Well, I allowed the port range (UDP/TCP 1-65535) for Skype, even unbound the proxy filter and added my PC to the HTTPS source exception, but as far as I can tell, if I have HTTPS inspection turned on, Skype does not connect. When I turned HTTPS inspection off, Skype connected almost immediately.
Do you have any idea how to get Skype through and still keep HTTPS inspection on?
< Message edited by TreeFox -- 17.Feb.2010 1:19:27 AM >
I've finally found the solution to make Skype work...
1. First of all, I want my TMG to check HTTPS => HTTPS Inspection=On
2. Create a protocol that opens outbound traffic => TCP(outbound)=1-65535 => UDP(send receive)=1-65535
3. Create a firewall rule for this protocol from the Internal to the Internet network.
4. Install Forefront TMG Client (it's part of the installation files) on the local computer, and allow its support on the TMG server.
5. To restrict Skype from using other rules (holes in other rules), add its signature, which will prevent such behavior.
6. Try to connect to the Skype network.
< Message edited by TreeFox -- 8.Mar.2010 7:05:56 AM >