ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Allow webex on ProxySG/ASG

book

Article ID: 173444

calendar_today

Updated On:

Products

ProxySG Software - SGOS ASG-S200 ASG-S400 ASG-S500

Issue/Introduction

Webex Conference / Audio Fails to Connect? OR List of IP Ranges & Domains to be allowed for Webex to be fully Functional

Webex gets stuck or Fails to Load or Audio/Conference Fails to connect or Intermittent Connectivity

Environment

Forward Proxy

Resolution

For Explicit Deployment:

Add below policy in proxy Local Policy File, To allow Domains and IP Range for webex to work.

;====================================================================================

<proxy>
condition=webex_Allow detect_protocol(no) authenticate(no) ALLOW

define condition webex_Allow
url.domain=webex.com
url.domain=rackcdn.com
url.domain=wbx2.com
url.domain=quovadisglobal.com
url.domain=localytics.com
url.domain=clouddrive.com
url.domain=crashlytics.com
url.domain=js-agent.newrelic.com
url.domain=bam.nr-data.net
url.address=64.68.96.0/19
url.address=66.114.160.0/20
url.address=66.163.32.0/19
url.address=173.39.224.0/19
url.address=173.243.0.0/20
url.address=207.182.160.0/19
url.address=209.197.192.0/19
url.address=216.151.128.0/19
url.address=114.29.192.0/19
url.address=210.4.192.0/20
url.address=69.26.176.0/20
url.address=69.26.160.0/20
url.address=62.109.192.0/18
end

;=========================================================================================

For Transparent Deployments

FROM CONFIGURE TERMINAL IN PROXY CLI Copy all of the below and simply paste- These are all the Webex IP ranges.

;==========================================================================================

proxy-services
create tcp-tunnel Webex
edit Webex
add all 13.67.180.128/32 443
add all 64.68.96.0/19 443
add all 66.114.160.0/20 443
add all 66.163.32.0/19 443
add all 173.39.224.0/19 443
add all 173.243.0.0/20 443
add all 207.182.160.0/19 443
add all 209.197.192.0/19 443
add all 216.151.128.0/19 443
add all 114.29.192.0/19 443
add all 210.4.192.0/20 443
add all 69.26.176.0/20 443
add all 69.26.160.0/20 443
add all 62.109.192.0/18 443

;================================================================================

Also Disable SSL Interception for Server_Certificate Category in SSL Intercept Layer or add below CPL Code in Local Policy file

<ssl-intercept>
server.certificate.hostname=webex.com ssl.forward_proxy(no)
server.certificate.hostname=rackcdn.com ssl.forward_proxy(no)
server.certificate.hostname=wbx2.com ssl.forward_proxy(no)
server.certificate.hostname=quovadisglobal.com ssl.forward_proxy(no)
server.certificate.hostname=localytics.com ssl.forward_proxy(no)
server.certificate.hostname=clouddrive.com ssl.forward_proxy(no)
server.certificate.hostname=crashlytics.com ssl.forward_proxy(no)
server.certificate.hostname=js-agent.newrelic.com ssl.forward_proxy(no)
server.certificate.hostname=bam.nr-data.net ssl.forward_proxy(no)

;=============================================================================
As for the authentication portion you can implement the following CPL to bypass Auth for IP Range.
 
<Proxy>
service.name="Webex" Authenticate(no) ALLOW

 

Note: Kindly refer to documentation below from Cisco related to list of IP range / Domains / Ports based on your location.

https://help.webex.com/en-us/WBX264/Network-Requirements-for-Cisco-Webex