Versions / Builds AffectedAll versions
Problem SummaryWe have a known problem with Skype which is the reason why Skype does not show up in our application control list. The issue is that Skype does not work through GFI WebMonitor even if it is allowed, if HTTPs inspection is turned on.
TT / JIRAID839
How to IdentifyThe bug is not ours and we are going to open support tickets with them as the implementation of the HTTPs protocol is not according to RFC.
GFI WebMonitor does have exceptions for HTTPs inspection traffic which can be configured per IP /domain(destination) or user basis, but they do not really help:
1. Skype uses a concept of super nodes and uses P2P communication, so there is no list of main servers that Skype connects to, which could have been added to the HTTPs inspection exception list in GFI WebMonitor. So Skype would use the closes supernode (P2P) it finds and you do not know the IP of that before hand. Also next day it can use another supernode someplace else.
Workaround / Fix Details1. Disable HTTPs inspection
2. Another possible workaround that might work, is set a default port in Skype client configuration (via GPO) and allow that port in the firewall.
Required ActionsUpgrade to WebMonitor 2015 or later and install all patches