Problem Accessing Browser Based WebEx via SafeSquid-SWG? Let's understand the ROOT CAUSE
Posted: Fri Apr 17, 2020 9:10 am
Hello All,
We have seen a lot of people facing problems while trying to access WebEx Meetings via a browser.
Let's first understand the problem and then get into the details.
Whenever a client application makes a request to a web server, it can be either plain HTTP or HTTPS. The reserved standard ports are 80 for HTTP and 443 for HTTPS.
But HTTP and HTTPS services are not limited or restricted to running on the reserved standard ports.
The application vendor can run them on any non-standard port as well.
For example, an HTTPS service can run on port 8443, or an HTTP service can run on port 8080.
When using SafeSquid-SWG, SafeSquid's default configuration restricts connections to HTTPS services on non-standard ports.
Note: It allows HTTPS or SSL connections on the ports listed in SafeSquid's System Configuration under 'Connect Ports'.
Therefore, whenever a client application makes an HTTPS or SSL connection via SafeSquid-SWG to a non-standard port, or to a port not listed in SafeSquid's System Configuration, it will be blocked and registered as a security breach.
A quick search on Google provided some links to the WebEx documentation, which explains which domains and ports need to be allowed in a corporate environment to access WebEx seamlessly.
Note: Most application teams provide a brief description of their application, the network services it connects to, and the destination IP address/domain and port details.
This really helps to configure the application properly in a corporate network, so that only the restricted access the application requires is provided and the rest can be blocked.
This documentation helps to speed up the application configuration.
In the same way, WebEx provides online documentation about the web services it connects to on specific ports.
WebEx Documentation Link:
----------------------------------------
https://help.webex.com/en-us/WBX264/How ... My-Network
Details Provided by WebEx Documentation:
-------------------------------------------------------------
----------------------------
How Do I Allow Webex Meetings Traffic on My Network?
Allow domains access through your Firewall, Web Proxy, or any other filtering device, List of IP addresses by region, Ports used by the Webex client for communication for both inbound and outbound traffic, Default Ports used by Video Collaboration Devices
-----------------------------
The screenshots below provide a quick view of the destination address and the port used by WebEx.
The block description is provided in both SafeSquid's extended log and native log.
[Screenshots left to be attached: Extended Log, Native Log]
Below is the scenario of a client who faced such a problem.
When you access WebEx in a browser, WebEx uses different non-standard SSL ports, 5004 and 80, for video streaming.
Note: It might also use secure WebSocket to communicate, which requires us to bypass SSL inspection; since SSL inspection is not enabled, this problem will not occur.
In the SafeSquid configuration we have a predefined secure configuration which restricts any user from making an SSL connection to any website on a non-standard port.
This configuration is also granular and can be modified as per the requirements.
To change the configuration:
We need to traverse to
SafeSquid.cfg -> Configure -> Application Setup -> System Configuration -> Compression and Buffering Policies ->
The default policy contains the list of ports to which users can make CONNECT (SSL) connections.
Note: For a stringent policy, this policy can be mapped to a specific access policy for better security restrictions.
Therefore, in order to access WebEx,
we need to add port 5004 to the connect port list.
Below is an attached file containing the list of domains accessed, with counts.
The attached file contains the details of the requests made when accessing WebEx via a browser.
The table shows the count and the website CONNECT request with its port.
We can see that it connects (trying to establish an SSL connection) to ports 443, 5004 and sometimes port 80.
We can discard port 80, but port 5004 is more important and should be allowed so that WebEx can be accessed seamlessly.
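One way to build the per-destination tally described above from proxy logs and see which CONNECT ports fall outside the Connect Ports list (added example, not SafeSquid code or part of the original post; the log layout, the hostnames and the starting port list {443} are constructed assumptions):

```python
import re
from collections import Counter, defaultdict

# Assumption: each log line carries the request line "CONNECT host:port".
CONNECT_RE = re.compile(r"\bCONNECT\s+([A-Za-z0-9.-]+):(\d{1,5})\b")

# Constructed sample lines; this is not SafeSquid's real log format.
SAMPLE_LOG = """\
17/Apr/2020:09:01:11 10.0.0.21 CONNECT meet.webex.example:443 HTTP/1.1
17/Apr/2020:09:01:12 10.0.0.21 CONNECT media.webex.example:5004 HTTP/1.1
17/Apr/2020:09:01:12 10.0.0.21 CONNECT media.webex.example:5004 HTTP/1.1
17/Apr/2020:09:01:13 10.0.0.21 CONNECT media.webex.example:80 HTTP/1.1
17/Apr/2020:09:01:15 10.0.0.34 GET http://intranet.example/ HTTP/1.1
17/Apr/2020:09:01:19 10.0.0.34 CONNECT cdn.other.example:8443 HTTP/1.1
"""

def tally_connects(log_text):
    """Count CONNECT requests per (host, port); non-CONNECT lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m and 0 < int(m.group(2)) <= 65535:
            counts[(m.group(1).lower(), int(m.group(2)))] += 1
    return counts

def blocked_by_port(counts, connect_ports):
    """Group destinations whose port is missing from the connect port list.

    Returns {port: {host: request_count}} so each candidate port can be
    reviewed together with the exact destinations that need it.
    """
    blocked = defaultdict(dict)
    for (host, port), n in counts.items():
        if port not in connect_ports:
            blocked[port][host] = n
    return dict(blocked)

if __name__ == "__main__":
    counts = tally_connects(SAMPLE_LOG)
    # Before and after adding 5004 to the connect port list.
    for ports in ({443}, {443, 5004}):
        print(sorted(ports), blocked_by_port(counts, ports))
```

Grouping by port shows which destinations actually need 5004, which is the information required to map the wider port list to a specific access policy instead of opening it for every site.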