Lifesize meetings (https://www.lifesize.com/) enabled for internal users
User reported that meetings through Lifesize would be interrupted on a regular basis; no errors were reported, but the meeting would simply stall.
The WSS agent was enabled on the same host, although Lifesize traffic was bypassed from going through WSS.
Disabling the WSS agent would make the problem go away.
Lifesize traffic was not fully bypassed, and IP addresses had to be added to the bypass list.
Lifesize cloud meeting service
WSS agent 7.4.2 running on Windows hosts
Bypass Lifesize from WSS using the https://legacy.lifesize.com/en/help/admin-console/get-started/configure-firewall link. Lifesize streams video/audio over TCP 443 (see PCAPs below), but WSS cannot do much with it, as we are predominantly an HTTP proxy for Web traffic.
Using the Symdiag tool to capture traffic, and the Symdiag viewer tool to view the PCAPs, we confirmed that the agent was bypassing WSS for some Lifesize traffic but not for other Lifesize traffic. Here’s a summary of the Lifesize traffic bypassing WSS … DNS queries show 3 different IP addresses, and we bypass WSS for the mediastats.lifesizecloud.com domain, as we can see from the client_hello.
The other 2 IP addresses Lifesize resolves to are 18.141.x.x and 18.142.x.x, and this traffic does come through WSS. Here’s the WSS PCAP, but since this is not Web/SSL traffic, there is no advantage to sending it through WSS.
Adding IP bypasses for these two additional destination hosts addressed the issue.
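The check below is an added example, not part of the original article and not Broadcom code. It shows how to find, from a list of flows exported from a capture, the destinations that no bypass entry covers. It assumes a simplified model in which a domain entry matches only when the flow carries that hostname in its TLS client_hello and an IP entry matches the destination address; the function names and the sample addresses (documentation ranges standing in for the real Lifesize IPs) are constructed.

```python
import ipaddress

def bypass_reason(dst_ip, sni, bypass_domains, bypass_networks):
    """Return which bypass entry covers a flow, or None if it would be proxied."""
    if sni:  # domain entries can only match when the flow exposes a hostname
        host = sni.lower().rstrip(".")
        for domain in bypass_domains:
            domain = domain.lower()
            if host == domain or host.endswith("." + domain):
                return "domain:" + domain
    addr = ipaddress.ip_address(dst_ip)
    for net in bypass_networks:
        if addr in net:
            return "ip:" + str(net)
    return None

def uncovered_destinations(flows, bypass_domains, bypass_cidrs):
    """Count flows per destination IP that no bypass entry covers."""
    nets = [ipaddress.ip_network(c, strict=False) for c in bypass_cidrs]
    missing = {}
    for dst_ip, _port, sni in flows:
        if bypass_reason(dst_ip, sni, bypass_domains, nets) is None:
            missing[dst_ip] = missing.get(dst_ip, 0) + 1
    return dict(sorted(missing.items()))

# Constructed sample: (destination IP, port, SNI seen in client_hello or None).
# One flow names the bypassed domain; the media flows to the other two
# addresses carry no hostname, so a domain-only bypass list misses them.
FLOWS = [
    ("192.0.2.10", 443, "mediastats.lifesizecloud.com"),
    ("198.51.100.21", 443, None),
    ("198.51.100.21", 443, None),
    ("203.0.113.37", 443, None),
]
BYPASS_DOMAINS = ["mediastats.lifesizecloud.com"]

if __name__ == "__main__":
    # Domain bypass only: the two media destinations are still proxied.
    print(uncovered_destinations(FLOWS, BYPASS_DOMAINS, []))
    # After adding IP bypasses for both destinations, nothing is left uncovered.
    print(uncovered_destinations(
        FLOWS, BYPASS_DOMAINS, ["198.51.100.21/32", "203.0.113.37/32"]))
```

Any destination still reported after the bypass list is updated is traffic the agent would continue to send through the proxy.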