The Application Control was introduced in 7.1.6 with Skype in VoIP, filesharing, P2P and IM groups. In 7.2.0 I cannot find Skype anymore.
Can 7.2.0 detect, block or allow Skype traffic? Is it possible to block Skype generally but allow Skype for some users only?
We are currently looking into this.
You also might want to look at https://community.mcafee.com/community/business/email_web/webgateway/blog/2010/09/06/skype-and-faceb...
As SKYPE is a network invasive protocol and requires more steps than just web gateway.
Is there a timeframe when this will be implemented again? I need this feature for a MWG for a POC.
In fact, Skype is using a non-standard SSL protocol. When inspecting SSL traffic, Skype should not be able to access the internet. Is this true or not? Or am I a little bit blue-eyed? 🙂
SSL Scanner enabled -> No Skype
SSL Scanner disabled -> Yes Skype 🙂
The problem with Skype is that there is no way to identify its traffic reliably (yet). So at the moment there is no way to allow Skype through MWG, while leaving SSL Scanner enabled for "normal" SSL sites. The only way to bypass SSL Scanner would be whitelisting by IP, which is hard since Skype uses P2P technologies. Hopefully we will have something in the future as part of the MWG (I think Skype detection works fine in the Firewall today).
Correct. SKYPE is using a proprietary encryption which, in case SSL decryption is used, will break. I'll give you a call to chat about your requirement for SKYPE.
Thanks for the answer. Will Skype be available in the future again?
I tested this ruleset for me. I think Skype should work when adding the rule.
Btw, I would combine this with a client.ip.
Thorsten
Message edited by Troja on 09.05.12 14:19:57 CEST
The signature in the sigset was focused on a network centric detection of the protocol, which will only work on a firewall or IDS system. The pattern simply didn't provide benefit for the proxy model MWG is using. However, the steps included in this post will allow blocking Skype. The referenced blog post illustrates this further.
We are looking into further phases to expand the App Control to also include network centric detections, but for now the focus remains on web applications.
Thank you very much Troja, Skype worked in my environment as well.
fwmonitor: Is it possible to block Skype generally but allow Skype for some users only?
Think it is. Please test it and let us all know.
Suggestions are heartily welcome!!
I'm just noticing this now, but everyone who created a rule using "SSL.Server.Handshake.CertificateIsRequested" should not be doing this.
In effect, you are just bypassing SSL scanning in the event that a client certificate is NOT requested (which is most SSL traffic).
Hello Jon Scholten,
Thank you for the suggestion.
Can you please suggest the best rules for what I am actually trying to accomplish, as seen in my snapshot?
Thank you very much in advance.