Block User Logins to Skype

You can configure Application Control to block a user login to the Skype network. It is important to understand that Application Control can only block the Skype login process. It cannot block traffic for a Skype client that has already logged in and has an active connection. For example:

  • If a remote user logs in to Skype when the computer is not connected to your network, and then the user connects to your network while the Skype client is still active, Application Control cannot block the Skype traffic until the user logs off the Skype network or restarts their computer.
  • When you first configure Application Control to block Skype, any users that are already logged in to the Skype network are not blocked until they log off the Skype network, or restart their computers.

To configure an Application Control action to block user logins to Skype:

  1. Select Subscription Services > Application Control.
  2. Double-click the Application Control action you want to edit.
  3. To quickly find the Skype application, type "Skype" in the search text box.
  4. From the list of applications, select the Skype application.
  5. Click Edit.

Screen shot of the Actions by Application dialog box for the Skype application
Application Control configuration in Fireware Web UI

Application Control configuration in Policy Manager

  1. Set the action for all behaviors to Drop.
  2. Click OK to save the action for the Skype application.

After you configure the Application Control action to block Skype, you must apply this Application Control action to all policies in your configuration. You can do this when you edit each policy, or in the Policies section of the Application Control configuration.

To effectively block Skype, you must block it for everyone on your network. If you create a policy to allow Skype for a specific group of users, Skype is not effectively blocked for other users. Any Skype client on your network can identify a peer Skype node that is not blocked, and can use that peer to complete a Skype connection.

If you have a high precedence policy that allows all DNS, you must configure the DNS policy to use the Application Control action that blocks Skype.