Skype connections fail through HTTPS proxy

Xavier Mustin

Applies To

Products: Firebox & XTM
Operating System: 11.9.4
Operating System: 11.10.x
Operating System: 11.9.5
Operating System: 11.9.6
Operating System: 11.11.x
Issue Status: Open

Status and Tracking
Tracking ID: 83766
Status: Open
Resolved In:

Description

If you disable the default Outgoing policy and enable the HTTPS proxy with content inspection in your Firebox configuration, Skype connections can fail. Skype tries to use a large range of high ports, such as 40010 or 30001, and, if these are unavailable, Skype will try TCP port 80.
With Fireware XTM v11.9.4 and later, the HTTPS proxy rejects Skype traffic because it is not HTTPS traffic.

When your XTM device denies the Skype traffic, you may see a log message that includes:
ProxyDeny: HTTP Invalid Request-Line Format

Workaround

Use the Outgoing policy to handle Skype traffic, or create a custom proxy policy for port 443, with the TCP-UDP proxy enabled. The TCP-UDP proxy will detect the non-HTTP traffic and allow the request through. This may allow other applications to connect on port 443 that do not follow the normal behavior for HTTPS.
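
Because the workaround also admits other non-HTTPS applications on port 443, it helps to know which internal clients open port 443 with something other than a TLS handshake. The following is an added example, not WatchGuard code and not a description of how Fireware detects protocols; the function names, the classification labels and the sample flows are hypothetical and constructed, and it assumes you have the first client payload of each connection from a packet capture.

```python
# Added illustration: classify the first bytes a client sends on TCP 443.
# Not Fireware code; labels and sample payloads below are constructed.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'http', 'unknown' or 'incomplete' for a first payload."""
    if len(data) < 5:
        return "incomplete"
    # TLS record header: content type (1) | version (2) | length (2)
    content_type, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    if content_type == 0x16 and major == 0x03 and minor <= 0x04 \
            and 0 < length <= 16384:
        if len(data) < 6:
            return "incomplete"
        # First handshake message from a client must be ClientHello (0x01).
        return "tls" if data[5] == 0x01 else "unknown"
    if data.startswith(HTTP_METHODS):
        # A valid request line is: METHOD SP target SP HTTP/x.y
        parts = data.split(b"\r\n", 1)[0].split(b" ")
        if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
            return "http"
    return "unknown"


def non_tls_sources(flows):
    """flows: iterable of (source_ip, first_payload) seen on port 443.
    Returns {source_ip: label} for every client that did not open with TLS."""
    result = {}
    for src, payload in flows:
        label = classify_first_bytes(payload)
        if label != "tls":
            result[src] = label
    return result


# Constructed sample flows (addresses and bytes are made up for the example).
SAMPLE_FLOWS = [
    ("10.0.1.20", bytes.fromhex("16030100c8010000c40303") + bytes(32)),  # ClientHello
    ("10.0.1.21", b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),      # plain HTTP
    ("10.0.1.22", bytes.fromhex("a7f3092c5e11d4806b3fe2")),             # opaque binary
]

if __name__ == "__main__":
    for src, label in non_tls_sources(SAMPLE_FLOWS).items():
        print(f"{src}: first payload on 443 is {label}, not a TLS ClientHello")
```

Clients reported as `unknown` are the ones a custom port 443 policy would start letting through, so review that list before relaxing the policy.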