You can try this:
- Remove the Skype application from your rule.
- Create a custom application on TCP port 443.
- Create a new rule and put it below your Internet Services rule (whichever rule you have that passes HTTP and SSL/TLS).
- Use this TCP/443 application in this rule and make the source and dest. endpoints and NAT match the rule above it.
Skype traffic does not match our SSL/TLS signature. When Skype 443 traffic hits the SSL/TLS rule it will not match and will go on to the next rule. The next rule will pass traffic on TCP/443 and this will match the Skype traffic and should pass it.