ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Lifesize Cloud meeting interrupted when using WSS agent

book

Article ID: 228318

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Lifesize meetings (https://www.lifesize.com/) enabled for internal users
User reported that the meeting through lifesize would be interrupted on a regular basis - no errors reported, but meeting would simply stall
WSS agent was enabled on the same host although traffic was bypassed from going through WSS
Disabling the WSS agent would make problem go away

Cause

Lifesize traffic was not fully bypassed and had to add IP addresses to the list. 

Environment

Lifesize cloud meeting service

WSS agent 7.4.2 running on WIndows hosts

Resolution

Bypass lifesize from WSS using the https://legacy.lifesize.com/en/help/admin-console/get-started/configure-firewall link. It’s streaming video/audio over TCP 443 (see PCAPs below), but WSS cannot do much with it as we are predominantly a HTTP proxy for Web traffic. 

Additional Information

Using the Symdiag tool to capture traffic, and Syndiag viewer tool to view the PCAPs, we confirmed that the agent was bypassing Lifesize from WSS for some traffic and not other traffic. Here’s a summary of the Lifesize traffic bypassing WSS … DNS queries show 3 different IP addresses and we bypass WSS for the mediastats.lifesizecloud.com domain as we can see with client_hello

The other 2 IP addresses lifesize resolves to are 18.141.x.x and 18.142.x.x and this traffic does come through WSS. Here’s the WSS PCAP but since this is not Web/SSL traffic, it does not give any advantage to sending it through WSS

Adding IP bypasses for these two additional destination hosts addressed the issue.

Attachments