Allow Webex Audio/Video through Edge SWG (ProxySG)
search cancel

Allow Webex Audio/Video through Edge SWG (ProxySG)

book

Article ID: 173861

calendar_today

Updated On:

Products

ProxySG Software - SGOS ISG Content Analysis ISG Proxy

Issue/Introduction

Webex does not work using Edge SWG (ProxySG)

OR

Webex audio/video fails to connect using Edge SWG (ProxySG)

Resolution

Allow webex audio/video through Edge SWG (ProxySG)

Below is KB article from Cisco, Which recommends to not SSL intercept CIDR and Domains for webex to work correctly through Edge SWG (ProxySG).

https://help.webex.com/en-us/WBX264/Network-Requirements-for-Cisco-Webex

Solution for Explicit and Transparent Deployments on Edge SWG (ProxySG)

;===========For Explicit Deployments ===========================================
<proxy>
condition=webex_Allow detect_protocol(no) authenticate(no) ALLOW

define condition webex_Allow
url.domain=webex.com
url.domain=ciscospark.com
url.domain=webexcontent.com
url.domain=rackcdn.com
url.domain=wbx2.com
url.domain=quovadisglobal.com
url.domain=localytics.com
url.domain=clouddrive.com
url.domain=crashlytics.com
url.domain=js-agent.newrelic.com
url.domain=bam.nr-data.net
url.address=23.89.0.0/16
url.address=62.109.192.0/18
url.address=64.68.96.0/19
url.address=66.114.160.0/20
url.address=66.163.32.0/19
url.address=69.26.160.0/19
url.address=114.29.192.0/19
url.address=150.253.128.0/17
url.address=170.72.0.0/16
url.address=170.133.128.0/18
url.address=173.39.224.0/19
url.address=173.243.0.0/20
url.address=207.182.160.0/19
url.address=209.197.192.0/19
url.address=210.4.192.0/20
url.address=216.151.128.0/19
url.address=144.196.0.0/16
url.address=163.129.0.0/16
end

;========================================================================================================================================

For Transparent Deployments follow below

FROM CONFIGURE TERMINAL IN Edge SWG (ProxySG) CLI Copy all of the below and simply paste- These are all Webex IP ranges.

proxy-services
create tcp-tunnel Webex
edit Webex
add all 64.68.96.0/19 443

add all 66.114.160.0/20 443

add all 66.163.32.0/19 443

add all 173.39.224.0/19 443

add all 173.243.0.0/20 443

add all 207.182.160.0/19 443

add all 209.197.192.0/19 443

add all 216.151.128.0/19 443

add all 114.29.192.0/19 443

add all 210.4.192.0/20 443

add all 69.26.176.0/20 443

add all 69.26.160.0/20 443

add all 62.109.192.0/18 443

add all 23.89.0.0/16 443

add all 150.253.128.0/17 443

add all 170.72.0.0/16 443

add all 170.133.128.0/18 443

As for the authentication portion you can implement the following CPL.
 
<Proxy>
service.name="Webex" authenticate(no) ALLOW

;------------------------ Also Disable SSL Interception for Server_Certificate Category in SSL Intercept Layer------------------------------------

localytics.com
rackcdn.com
clouddrive.com
crashlytics.com
js-agent.newrelic.com
bam.nr-data.net
wbx2.com
quovadisglobal.com
webex.com


Similar actions can be taken on the resources listed for Zoom in the below KB:
https://support.zoom.us/hc/en-us/articles/201362683-Network-Firewall-or-Proxy-Server-Settings-for-Zoom