Allow only corporate WebEx and block the rest on ProxySG

book

Article ID: 171279

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Allow organization·specific WebEx while blocking others.

Resolution

This article uses an example of a company's WebEx as corporation.webex.com.

Creating a policy to allow corporation.webex.com and blocking the webex.com domain will not help here because the WebEx application tends to connect to several URLs ending with webex.com (e.g. ed1chcbmm100.webex.com). It is not a viable solution to consolidate and whitelist all the backend URLs since there is no constant list of domain names because it keeps changing, and new URLs may get added in the future.

The solution is to exclude webex.com from doing SSL interception and add the below Content Policy Language (CPL) script in Local Policy File.

<proxy>
url.exact=corporation.webex.com Allow
request.header.User-Agent="WbxAgent" url.domain=webex.com Allow
DENY url.domain=webex.com

Steps to add CPL script in Local Policy File: Add CPL to a local policy file on the ProxySG