Webex does not work using Edge SWG (ProxySG)
OR
Webex audio/video fails to connect using Edge SWG (ProxySG)
Allow webex audio/video through Edge SWG (ProxySG)
Below is KB article from Cisco, Which recommends to not SSL intercept CIDR and Domains for webex to work correctly through Edge SWG (ProxySG).
https://help.webex.com/en-us/WBX264/Network-Requirements-for-Cisco-Webex
Solution for Explicit and Transparent Deployments on Edge SWG (ProxySG)
;===========For Explicit Deployments ===========================================
<proxy>
condition=webex_Allow detect_protocol(no) authenticate(no) ALLOW
define condition webex_Allow
url.domain=webex.com
url.domain=ciscospark.com
url.domain=webexcontent.com
url.domain=rackcdn.com
url.domain=wbx2.com
url.domain=quovadisglobal.com
url.domain=localytics.com
url.domain=clouddrive.com
url.domain=crashlytics.com
url.domain=js-agent.newrelic.com
url.domain=bam.nr-data.net
url.address=23.89.0.0/16
url.address=62.109.192.0/18
url.address=64.68.96.0/19
url.address=66.114.160.0/20
url.address=66.163.32.0/19
url.address=69.26.160.0/19
url.address=114.29.192.0/19
url.address=150.253.128.0/17
url.address=170.72.0.0/16
url.address=170.133.128.0/18
url.address=173.39.224.0/19
url.address=173.243.0.0/20
url.address=207.182.160.0/19
url.address=209.197.192.0/19
url.address=210.4.192.0/20
url.address=216.151.128.0/19
url.address=144.196.0.0/16
url.address=163.129.0.0/16
end
;========================================================================================================================================
For Transparent Deployments follow below
FROM CONFIGURE TERMINAL IN Edge SWG (ProxySG) CLI Copy all of the below and simply paste- These are all Webex IP ranges.
proxy-services
create tcp-tunnel Webex
edit Webex
add all 64.68.96.0/19 443
add all 66.114.160.0/20 443
add all 66.163.32.0/19 443
add all 173.39.224.0/19 443
add all 173.243.0.0/20 443
add all 207.182.160.0/19 443
add all 209.197.192.0/19 443
add all 216.151.128.0/19 443
add all 114.29.192.0/19 443
add all 210.4.192.0/20 443
add all 69.26.176.0/20 443
add all 69.26.160.0/20 443
add all 62.109.192.0/18 443
add all 23.89.0.0/16 443
add all 150.253.128.0/17 443
add all 170.72.0.0/16 443
add all 170.133.128.0/18 443
As for the authentication portion you can implement the following CPL.
<Proxy>
service.name="Webex" authenticate(no) ALLOW
;------------------------ Also Disable SSL Interception for Server_Certificate Category in SSL Intercept Layer------------------------------------
localytics.com
rackcdn.com
clouddrive.com
crashlytics.com
js-agent.newrelic.com
bam.nr-data.net
wbx2.com
quovadisglobal.com
webex.com
Similar actions can be taken on the resources listed for Zoom in the below KB:
https://support.zoom.us/hc/en-us/articles/201362683-Network-Firewall-or-Proxy-Server-Settings-for-Zoom