Intermittent issue with Consumer Skype access when connecting transparently with SSL interception enabled.
Note: This article does not apply to Skype for Business.
The issue is introduced by the interception mechanism that the SSL proxy uses. To inspect the protocol going through port 443, the proxy has to intercept the connection, which means answering the Consumer Skype client's SYN packet with a SYN-ACK at the TCP level. This can break Skype login: the Consumer Skype application probes a list of nodes or supernodes, and a SYN-ACK causes it to assume the node is up when it may not be, because the ProxySG is responding, not the node. When the ProxySG then attempts to connect to the node requested by the client, that particular Skype node/supernode might actually be down. This would eventually cause the Consumer Skype client to fail login.
Change the HTTPS service from SSL to TCP Tunnel with protocol detection enabled, and turn on the option at Proxy Setting / General / Enable TCP Tunnel requests when a protocol error detected. This option is only available after SGOS 5.5.
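The effect described above can be reproduced on loopback. This is an added example, not code from the article or from ProxySG: the interceptor is a constructed stand-in that accepts the client before dialing the destination, the "node" is a closed local port, and all function names are assumptions.

```python
import socket
import threading

def closed_port():
    """Reserve then release a loopback port so nothing listens on it (a 'down' node)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()

def tcp_probe(addr, timeout=2.0):
    """Liveness check: the node counts as 'up' if the TCP handshake completes."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def login_attempt(addr, timeout=2.0):
    """After the probe: connect, send a greeting, wait for the node's first bytes."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            s.sendall(b"hello")
            return s.recv(64) != b""
    except OSError:
        return False

def start_interceptor(upstream):
    """Constructed stand-in for interception: the client's handshake is completed
    first, the real destination is dialed afterwards, and the client is dropped
    if that dial fails."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    def serve():
        while True:
            client, _ = srv.accept()
            with client:
                try:
                    with socket.create_connection(upstream, timeout=2.0) as up:
                        client.sendall(up.recv(64))
                except OSError:
                    pass  # upstream is down: client gets no data, only a close/reset
    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    dead_node = closed_port()
    via_proxy = start_interceptor(dead_node).getsockname()
    return {"direct_probe": tcp_probe(dead_node),        # node is down: refused
            "intercepted_probe": tcp_probe(via_proxy),   # handshake answered anyway
            "intercepted_login": login_attempt(via_proxy)}  # fails after the probe

if __name__ == "__main__":
    print(demo())
```

On a real transparent deployment the client dials the node's own address and the proxy answers in its place; here the client dials the interceptor's port directly because loopback has no redirection step.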
Install the following CPL policy into the Local policy file:
Note: If the ProxySG is running SGOS release 6.5.9.14, 6.5.9.15, 6.5.10.1 or 6.5.10.3, change 'detect_protocol [ssl,https](no)' to 'detect_protocol [ssl,https,sips,sip](no)'. See article TECH246796 for more details.
To install this policy, please follow these steps: