Connection issues for Microsoft (Skype, Office365) after enabling DPI services
Description
When you enable App Control and block the signature ID 5 or ID 7, it may cause connection issues with Microsoft applications such as Skype, Skype for Business and Office 365.
-after-enabling-DPI-services-kA1VN0000000NzI0AU-0EMVN00000EoVVc.png)
-after-enabling-DPI-services-kA1VN0000000NzI0AU-0EMVN00000EoVVq.png)
SID 5 is for TCP Random Encryption and SID 6 is for UDP Random Encryption. This article shows you how to create a Access Rule to fix such communication issues for Microsoft Applications. This article also applies to excluding traffic from DPI-SSL.
Resolution
Create Address Group with Microsoft FQDNs & IPs
- Login to your SonicWall management page and click Manage tab on top of the page.
- Navigate to Objects |Address Objects page. On right Side, Click on Address Groups Tab and select View as Custom.
- Click Add button under Address Groups, to get Add Address Object Group Window.
- Name: MS_Applications.
- Add Address Objects, which you created for MS FQDNs & IPs to Right side of table.
- Click OK.
-after-enabling-DPI-services-kA1VN0000000NzI0AU-0EMVN00000EoVVp.png)
Skype relevant objects:
| Name | Zone | Type | IP/HostName |
|---|---|---|---|
| api.skype.com | WAN | FQDN | api.skype.com |
| apps.skype.com | WAN | FQDN | apps.skype.com |
| community.skype.com | WAN | FQDN | community.skype.com |
| download.skype.com | WAN | FQDN | download.skype.com |
| login.skype.com | WAN | FQDN | login.skype.com |
| pipe.skype.com | WAN | FQDN | pipe.skype.com |
| secure.skype.com | WAN | FQDN | secure.skype.com |
| .lync.com | WAN | FQDN | .lync.com |
| .pipe.aria.microsoft.com | WAN | FQDN | .pipe.aria.microsoft.com |
| .infra.lync.com | WAN | FQDN | .infra.lync.com |
| .online.lync.com | WAN | FQDN | .online.lync.com |
| .resources.lync.com | WAN | FQDN | .resources.lync.com |
| pipe.skype.com | WAN | FQDN | pipe.skype.com |
| swx.cdn.skype.com | WAN | FQDN | swx.cdn.skype.com |
| .config.skype.com | WAN | FQDN | .config.skype.com |
| config.edge.skype.com | WAN | FQDN | config.edge.skype.com |
| .sfbassets.com | WAN | FQDN | .sfbassets.com |
| .urlp.sfbassets.com | WAN | FQDN | .urlp.sfbassets.com |
| .skypeforbusiness.com | WAN | FQDN | .skypeforbusiness.com |
| skypemaprdsitus.trafficmanager.net | WAN | FQDN | skypemaprdsitus.trafficmanager.net |
| graph.skype.com | WAN | FQDN | graph.skype.com |
| .users.storage.live.com | WAN | FQDN | .users.storage.live.com |
| SKYPE-01 | WAN | Network | 64.4.23.0/255.255.255.0 |
| SKYPE-02 | WAN | Network | 65.55.223.0/255.255.255.0 |
| SKYPE-03 | WAN | Network | 11.221.77.0/255.255.255.0 |
| SKYPE-04 | WAN | Network | 157.55.56.0/255.255.255.0 |
| SKYPE-05 | WAN | Network | 157.55.130.0/255.255.255.0 |
| SKYPE-06 | WAN | Network | 155.55.235.0/255.255.255.0 |
| SKYPE-07 | WAN | Network | 157.56.22.0/255.255.255.0 |
Office relevant Objects
You can visit Microsoft Services : Office365 URLs and IPs
Create Access Rule to By-Pass DPI
- Login to your SonicWall management page and click Manage tab on top of the page.
- Navigate to Rules | Access Rules page. On right side, click Add button..
- In Add Rule Window, create an Access Rule From LAN To WAN zone as below.
-after-enabling-DPI-services-kA1VN0000000NzI0AU-0EMVN00000EoVVi.png)
- Then click Advanced and enable Disable DPI checkbox. Click Add .
-after-enabling-DPI-services-kA1VN0000000NzI0AU-0EMVN00000EoVVn.png)
Related Articles
not finding your answers?