Software "Personal" Firewalls A personal firewall is a piece of commercial software installed on a computer that is designed to prevent unauthorized and potentially damaging communications from reaching the computer and adversely affecting its operation. As awareness and concerns about Internet security have increased, so has the adoption of personal firewalls. In fact, the Microsoft XP operating system with Service Pack 2 now includes a software firewall as part of its standard installation. These software firewalls work much like traditional hardware firewalls: They allow only trusted communications to pass through the firewall to the heart of the computer while other, unauthorized communications are blocked. To work properly, the Skype application must be able to communicate with the Internet. By default, however, a computer with a software firewall will often block communication that is necessary for Skype to work. This section describes how to configure these industry-standard firewalls: Windows Firewall for Windows XP Service Pack 2 Trend Micro PC-cillin Internet Security McAfee Personal Firewall Plus Symantec Norton Personal Firewall ZoneAlarm Pro Mac OS X Firewall Windows Firewall for Windows XP Service Pack 2 This section covers configuring the Windows Firewall on an individual PC and for a group. Individual PC To set up the Windows Firewall to work properly with Skype, follow these steps: 1. | Open the Windows Firewall Control Panel by choosing Start > Control Panel > Windows Firewall. | 2. | Select the General tab (if it is not already selected). | | | 3. | Determine whether the Windows Firewall is On (Recommended) or Off (Not Recommended) (see Figure C-1). Figure C-1. Windows XP Service Pack 2 Firewall on By default, the Windows Firewall should be On unless a third-party firewall has been installed that has deactivated the Windows Firewall. If the Windows Firewall is off, close the Windows Firewall Control Panel, and set up the third-party firewall to work with Skype. Otherwise, if no third-party firewall is installed, turn the Windows Firewall on to safeguard the computer from malicious network activity. | 4. | Assuming that the Windows Firewall is on, make sure that the Don't Allow Exceptions checkbox is unchecked. If there is a check in the checkbox, uncheck it. | 5. | Select the Exceptions tab. | | | 6. | If you see Skype in the Programs and Services list, make sure that the Skype checkbox is checked (see Figure C-2), and click OK. Figure C-2. Windows XP Service Pack 2 Firewall exceptions Skype should be listed with a check in the Programs and Services list. If you do not see Skype in the Programs and Services list, click Add Program; select Skype from the Programs list; and click OK. Skype should be listed with a check in the Programs and Services list. | 7. | Click OK to finish. | 8. | Click OK to confirm any changes you have made. | 9. | Close the Windows Firewall Control Panel. Skype should work properly now. If it does not, refer to Chapter 7 or the Skype Forums at http://forums.skype.com for more information on how to get Skype to work properly. | Trend Micro PC-cillin Firewall exceptionsGroup Policy Settings If you are a system administrator responsible for managing a Group Policy object for a Windows application, you can optimize a network for Skype by applying an exception in the Group Policy snap-in. To add an exception rule to your existing policy settings, set the Group Policy Setting profile: [View full width] Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Standard Profile The policy setting should be: Windows Firewall: Define program exceptions (Enabled) Here is the specific program exception definition that you should add: %PROGRAMFILES%\skype\phone\skype.exe:*enabled:Skype Trend Micro PC-cillin Internet Security To set up the Trend Micro PC-cillin Internet Security firewall to work properly with Skype, follow these steps: 1. | Open the Trend Micro PC-cillin Internet Security firewall, and select the Network Security tab on the left side of the window. | 2. | Click Personal Firewall. The Personal Firewall window is displayed. | 3. | Determine whether the firewall is on or off. The firewall should be on. If the firewall is off, and you are using Windows 2000, the firewall is not the cause of the problem. If you are using Windows XP, it's possible that the Windows XP Service Pack 2 Firewall is on. | | | 4. | Select the active profile (indicated by the green ball), and click Edit. The Personal Firewall Profile window is displayed. | 5. | Click the Exception List tab. | 6. | Find Skype in the list of exceptions. You should see two entries for Skype: one for incoming connections and another for outgoing connections (see Figure C-3). If you see two entries for Skype, skip to step 10. Figure C-3. | 7. | If you do not see Skype listed in the Exception List, or if you only see one entry for Skype, click Add. The Add/Edit Personal Firewall window is displayed. | | | 8. | In the Description field, enter Skype; allowoutgoing TCP and UDP message packets through the firewall on all ports (see Figure C-4); and click OK. Figure C-4. Trend Micro PC-cillin Firewall allowing outgoing messages | 9. | Click Add again. The Add/Edit Personal Firewall window is displayed. | | | 10. | In the Description field, enter Skype; allow incoming TCP and UDP message packets through the firewall on all ports (see Figure C-5); and click OK. Figure C-5. TrendMicro PC-cillin Firewall allowing incoming messages If the Permissions column indicates that the permissions for Skype are set to allow access, Skype should be working. | | | 11. | If Skype isn't working, close the Trend Micro PC-cillin Internet Security firewall, and refer to Chapter 7 or the Skype Forums at http://forums.skype.com for more information on how to get Skype to work properly. If the Permissions column indicates that Skype is blocked, edit the permissions to allow TCP and UDP messages to get in and out so that Skype can communicate with the Internet properly, and close the Trend Micro PC-cillin Internet Security firewall. Skype should work properly. If it does not, refer to Chapter 7 or the Skype Forums at http://forums.skype.com for more information on how to get Skype to work properly. | McAfee Personal Firewall Plus To set up McAfee Personal Firewall Plus to work properly with Skype, follow these steps: 1. | Open McAfee Security Center, and select the Personal Firewall Plus tab on the left of the window. | 2. | Select View the Internet Application List. A new window is displayed, showing a list of software applications that access the Internet. | | | 3. | Find the column with the Skype application name (see Figure C-6). Figure C-6. McAfee Personal Firewall Plus exceptions If you do not see Skype listed in the Internet Applications list, click New Allowed Application, create a new exception, and allow full access for Skype. If the Permissions column indicates that the permissions for Skype are set to allow full access, Skype should be working. | 4. | If Skype isn't working properly, close McAfee Personal Firewall Plus, and refer to Chapter 7 or visit the Skype Forums at http://forums.skype.com for more information on how to get Skype to function properly. If the Permissions column indicates that Skype is blocked, change permissions to allow full access so that Skype can communicate with the Internet, and close McAfee Personal Firewall Plus. Skype should work properly. If it does not, refer to Chapter 7 or the Skype Forums at http://forums.skype.com for more information on how to get Skype to work properly. | Symantec Norton Personal Firewall To set up the Symantec Norton Personal Firewall to work properly with Skype, follow these steps: 1. | Open Norton Internet Security; select Norton Personal Firewall; and click Configure. | 2. | Click Norton Personal Firewall on the left side of the window. | | | 3. | Determine whether the firewall is on or off. The firewall should be on (see Figure C-7). If the firewall is off, and you are using Windows 2000, the firewall is not the cause of the problem you are experiencing. If you are using Windows XP, it's possible that the Windows XP Service Pack 2 Firewall is set on instead. Figure C-7. Norton Personal Firewall on | 4. | Select the Programs tab. | | | 5. | In the Manual Program Control section, find Skype in the list of programs. If the Internet Access column indicates that the permissions for Skype are set to permit all access, Skype should be working. If it isn't, close the Norton Personal Firewall, and refer to Chapter 7 or the Skype Forums at http://forums.skype.com for more information on how to get Skype to work properly. If the Internet Access column indicates that Norton Personal Firewall is set up to block all or provide custom access, continue to the next step to change the permissions so that Skype can communicate with the Internet. | 6. | Select Skype, and in the Internet Access column, click the drop-down menu to set the access level to Permit All (see Figure C-8). Figure C-8. Norton Personal Firewall manual program control | | | 7. | Click OK and close Norton Personal Firewall. Skype should work properly. | ZoneAlarm Pro To set up the ZoneAlarm Pro firewall to work properly with Skype, follow these steps: 1. | Open the ZoneAlarm Pro firewall, and select the Program Control tab on the left side of the window. | 2. | Select the Programs tab (if it wasn't already selected), and find Skype in the list of programs. | 3. | Find the Skype row. | 4. | In the Skype row, right-click each question marked ? or X to display a context menu of options (see Figure C-9). Figure C-9. ZoneAlarm Pro trust level | 5. | Set the Trust Level option to Trusted. | | | 6. | Set the options for Access, both Trusted and Internet, to Allow. | 7. | Set the options for Server, both Trusted and Internet, to Allow. | 8. | Set the option for Send Mail to Allow (see Figure C-10). Figure C-10. ZoneAlarm Pro Trust Level settings | 9. | Close the ZoneAlarm Pro firewall. Skype should work properly. If it does not, refer to Chapter 7 or the Skype Forums at http://forums.skype.com for more information on how to get Skype to work properly. | Mac OS X Firewall Although Skype works properly with the Mac OS X Firewall without any additional configuration, optimizing the Mac OS X Firewall's settings can improve Skype sound quality. To improve Skype performance, follow these steps: | | 1. | Launch Skype. | 2. | Choose Skype > Preferences. | 3. | Select Advanced. | 4. | Write down the port number listed for Connection: Port. This number is different for each Skype installation. | 5. | Open Mac OS X System Preferences; select Sharing; and then choose Firewall. | 6. | On the right side of the Allow list, select New. A drop-down menu is displayed. | 7. | Click the drop-down menu, and select Other. | 8. | In the blank space for Port Number, Range or Series, enter the port number you wrote down in step 4. | 9. | Enter Skype for the description. | 10. | Close the Sharing and Preferences windows. Skype should work even better now. | |