Cisco Webex and Decrypt & scan HTTPS issue

Question

Hi 
 
 I am trying to get audio to connect within a Cisco webex meeting. 
 
 If i disabled Decrypt & scan HTTPS or add my IP to exceptions the audio connects fine. 
 I have exceptions for each domain listed on https://help.webex.com/en-us/WBX264/Network-Requirements 
 They are all added in the following format 
 
 Looking through the web filter logs I do not see any other domains while trying to connect to the audio. So it appears they are all covered. 
 
 Is there any other reason the XG keeps putting itself between the PC and Cisco when doing the audio connections? Not sure were else to look on the XG for what is triggering this.

rfcat_vk · Accepted Answer

Hi, 
 the application does not appear to work with proxies which is what https scanning does. 
 Basically you will need a rule that allows webex to not use http/s scanning. Do your users always go the same sites for webex conferences, if so you can build a specific rule to all http and https to access those sites only. I don't think creating an exception will work because it is still going through the proxy just not being scanned. 
 
 Quote from Cisco webex site.

"Architecture 
 Firewall Friendly 
 Work through most firewalls using standard HTTP and HTTPS ports." 
 
 Ian

Brian Ritchie · Answer

This has been around for a while - but to get this to work you need to make an exception under Web --> Exceptions. 
 Use the https://help.webex.com/en-us/WBX264/Network-Requirements article and grab all the network CIDR values or use the below: 
 List of IP address ranges used by Cisco Webex Meeting services: 
 
 64.68.96.0/19 (CIDR) or 64.68.96.0 - 64.68.127.255 (net range) 
 66.114.160.0/20 (CIDR) or 66.114.160.0 - 66.114.175.255 (net range) 
 66.163.32.0/19 (CIDR) or 66.163.32.0 - 66.163.63.255 (net range) 
 170.133.128.0/18 (CIDR) or 170.133.128.0 - 170.133.191.255 (net range) 
 173.39.224.0/19 (CIDR) or 173.39.224.0 - 173.39.255.255 (net range) 
 173.243.0.0/20 (CIDR) or 173.243.0.0 - 173.243.15.255 (net range) 
 207.182.160.0/19 (CIDR) or 207.182.160.0 - 207.182.191.255 (net range) 
 209.197.192.0/19 (CIDR) or 209.197.192.0 - 209.197.223.255 (net range) 
 216.151.128.0/19 (CIDR) or 216.151.128.0 - 216.151.159.255 (net range) 
 114.29.192.0/19 (CIDR) or 114.29.192.0 - 114.29.223.255 (net range) 
 210.4.192.0/20 (CIDR) or 210.4.192.0 - 210.4.207.255 (net range) 
 69.26.176.0/20 (CIDR) or 69.26.176.0 - 69.26.191.255 (net range) 
 62.109.192.0/18 (CIDR) or 62.109.192.0 - 62.109.255.255 (net range) 
 69.26.160.0/20 (CIDR) or 69.26.160.0 - 69.26.175.255 (net range) 
 150.253.128.0/17 (CIDR) or 150.253.128.0 - 150.253.255.255 (net range)

Webex audio will work once you save and turn the toggle on.

Dom Nik · Answer

Please also see here: 
 https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/119681/cisco-webex-audio-not-working/436767#436767