Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 34335 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebEx Bypass HTTPS Scanning on a Sophos UTM

RichardOsborn

Hi, I'm running Sophos UTM 9 with decrypt and scan HTTPS traffic enabled.

WebEx works fine when I turn off SSL Scanning for a machine, but I'm having trouble find all the URLs that WebEx uses; so that I can exclude them from the SSL Scanning.

Below are all the URLs that I have found within the Web Filtering logs.

^.*\.webex\.com
^.*\.webexconnect\.com
^.*\.ciscowebex\.com
https://62.109.231.15/ 
https://webex.tt.omtrdc.net/

I have created a rule to exclude these URLs from the SSL Scanning but WebEx still doesn't work. I can't see anymore URL present in the logs or see anything being block in the Firewall, Application Control or Intrusion Prevention System logs.

Have I missed something here? Has anyone else got WebEx working through a Sophos UTM with HTTPS Decrypt and Scan enabled?

Any help is appreciated.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Richard,

    What rule did you configure? Can you share the captured URL(s) I will verify if the generated RegEx are correct?

    Thanks

  • 0 in reply to sachingurung

    Thanks for the quick response,

    I configured a 'Filtering Option' rule with just 'SSL Scanning' excluded and use the 'Matching these URLs' for the filter with the above URLs.  

    These are all the URLs that I could find in the Web Filtering log related to WebEx.

    url="https://meetingsln.webex.com/"
    url="https://ed1chcbmm100.webex.com/"
    url="https://ed1txcbmm80.webex.com/"
    url="https://ed1hkcbmm70.webex.com/"
    url="https://imln6.ciscowebex.com/"
    url="https://ed1sjcbmm10.webex.com/"
    url="https://62.109.231.15/"
    url="https://dms-eu.webexconnect.com/"
    url="https://webex.tt.omtrdc.net/"

    I'm fairly certain that they are matched by my rule as they all have an exceptions="ssl" next to them in the log.

  • 0 in reply to RichardOsborn

    Hi Richard,

    Go to Web Protection > Filter options> Filter action> policies> Website and add the following RegEx in the allowed list.

    ^https?://([A-Za-z0-9.-]*\.)?meetingsln\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1chcbmm100\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1txcbmm80\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1hkcbmm70\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?imln6\.ciscowebex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1sjcbmm10\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?62\.109\.231\.15/
    ^https?://([A-Za-z0-9.-]*\.)?dms-eu\.webexconnect\.com/
    ^https?://([A-Za-z0-9.-]*\.)?webex\.tt\.omtrdc\.net/

    Hope that helps:)

Reply
  • 0 in reply to RichardOsborn

    Hi Richard,

    Go to Web Protection > Filter options> Filter action> policies> Website and add the following RegEx in the allowed list.

    ^https?://([A-Za-z0-9.-]*\.)?meetingsln\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1chcbmm100\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1txcbmm80\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1hkcbmm70\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?imln6\.ciscowebex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1sjcbmm10\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?62\.109\.231\.15/
    ^https?://([A-Za-z0-9.-]*\.)?dms-eu\.webexconnect\.com/
    ^https?://([A-Za-z0-9.-]*\.)?webex\.tt\.omtrdc\.net/

    Hope that helps:)

Children