Need to create a firewall rule without layer 7 protocol, where a specific user group can only access skype and viber, nothing else. How can I do it?
Is it not going to be very straightforward, but you might look at :
https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_lyo
Here you have the current public IP’s of the different 365-services (including Skype for Bus & Teams etc)
You could try to make a filter based on these, however it will be a bit trial & error I think.
For Viber, same issue.
PORTWISE, it requires the following
In order for Viber Desktop to run on your computer, the following ports must be open for all addresses for both TCP and UDP:
5242
4244
5243
7985
80
443
…but as you see 80/443 must be open so …you would need to start filtering on destination (Viber) IP’s too and it seems that is not documented.
The thing is, filtering such applications must be handled at another level, not based on ports or IP’s but more on signatures etc.
Mikrotik does not do that. Really the wrong product to address this.
You Write on Paper.
USE OF PC IS LIMITED TO SKYPE AND VIBER
ANY OTHER USE IS NOT PERMITTED AND
WILL RESULT IN REMOVAL OF PREMISES
’
oh and then laminate it.
Done!!