Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- CASB
- Microsoft Teams: voice and video traffic
Microsoft Teams: voice and video traffic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2023 08:12 AM
Can anyone provide information/documentation in relation to Netskope as far as "how it handles" or "what it does with" voice and video traffic?
We have an ongoing discussion within our org and want to provide more insight/identify potential root causes for delayed call acceptance and/or performance degradation with regard to Netskope.
Solved! Go to Solution.
- Labels:
-
MS Teams
-
Netskope Agent
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2023 06:50 AM
Netskope only steers TCP 80/443 traffic unless you have CFW. If you have CFW then you will need to make exceptions for that outbound UDP Traffic teams uses for audio and video.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2023 08:24 AM
It does nothing but steer it. For performance reasons and troubleshooting (if you ever have a problem, MS will blame Netskope) bypassing streaming traffic (if you are not blocking it) is advisable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2023 06:50 AM
Netskope only steers TCP 80/443 traffic unless you have CFW. If you have CFW then you will need to make exceptions for that outbound UDP Traffic teams uses for audio and video.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2023 11:48 AM
To make exceptions via CFW, you need to create an allow outbound firewall rule using:
UDP ports: 3478-3481 and destination ip ranges: 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15
Sourced from: https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worl...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-05-2023 01:24 AM - edited 08-05-2023 11:20 AM
Hi. Is this documented anywhere? I’ve searched…. What about zoom or google meet? I have cloud firewall and no one mentioned we need to do this in our onboarding and now we’re having issues with google meet in particular. I have a ticket open. It would be great to see a best practices document around web conferencing / VoIP steering and if what exceptions / cloud firewall rules are needed
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2023 07:39 AM - edited 08-06-2023 08:12 AM
I have not seen evidence of Netskope's ability to steer web conferencing applications properly. The strange thing is it does not appear to affect everyone. The common issue is dropped calls or the inability to open applications when steered through Netskope.
We have bypasses for the following:
WebEx
MS Teams
I think web conferencing apps using TCP and UDP simultaneously could be causing the issues. If I'm not mistaken, Netskope does not steer UDP traffic. The Netskope client is supposed to distinguish between TCP and UDP traffic; however, if the application uses the same IPs for both protocols like Microsoft does for Teams, this may cause hit-and-misses by the client to make the right choice regarding steering. This is just my theory; our TAM is currently investigating our issue with Teams. Bypasses are not suitable due to losing DLP functionality for MS Teams.
Currently, there is no documentation regarding web conferencing applications and Netskope. The solution at this time is to bypass the traffic.
My apologies. I missed the critical "no" in my statement above. 🙂
More to come.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2023 08:04 AM
That’s exactly the issue I have with google meet. Most are not complaining, but others are with same configuration/hardware stack. I have a sku with netskope where all traffic goest through it, including UDP. I was able to prove this on a client with google meet running.
2023/08/04 16:40:22.353557 stAgentNE p47814 t956187 debug tunnel.cpp:869 nsTunnel DTLS [sessId 501] Tunneling UDP flow from addr: 1.0.0.1:65534, process: google chrome helper to host: 74.125.250.195, addr: 74.125.250.195:3478 to app-fw
Right now support is having me bypass google meet IPs essentially creating split tunnel for the media traffic. But not necessarily the signaling and meet URLs. Well see real quick tomorrow morning when 180 people in meet heavy conferencing traffic experience it.
@Lockdown. Can you point me to the documentation? I must be blind or there is a 5th documentation source that I don’t know about lol. Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2023 08:14 AM
Thanks for the update. I'm going to start a live Teams chat regading ZTNA and Netskope. Would you be interested in joining?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-08-2023 04:07 PM
Team,
I just saw this post.
We had issues with Teams dropping audio calls after 10 seconds when Netskope was enabled.
If you go to the link below, Microsoft uses the same IPs for TCP and UDP for Teams. However, it appears they use different ports for the UDP traffic. Can the Netskope client determine when to use UDP vs. TCP for the IPs below?
13.107.64.0/18
52.112.0.0/14
52.122.0.0/15
When you get to the site, go to “Skype for Business Online and Microsoft Teams
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2023 05:24 AM
Is everyone still having audio/video issues when trying to steer Teams through Netskope?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
-
CASB
25 -
Client
7 -
DLP
5 -
API
5 -
Netskope Agent
5 -
API-Enabled Protection
5 -
netskope client
3 -
Real-time Policy
3 -
Unsanctioned apps
3 -
NSClient
3 -
alerts
3 -
MS Teams
2 -
vpn
2 -
Threat Protection
2 -
steering
2 -
update
2 -
incidents
2 -
block
2 -
Real time policy
2 -
CCI
2 -
Troubleshooting
2 -
install
2 -
NG-SWG
2 -
Upgrade
2 -
Collaboration
1 -
steering exception
1 -
IDC
1 -
Reports
1 -
cloud update
1 -
Messaging
1 -
Next Gen SWG
1 -
corrupted state
1 -
API Throttling
1 -
ssl
1 -
Adobe
1 -
cisco
1 -
Authentication
1 -
block IE11 traffic
1 -
ssl error
1 -
Allowlist
1 -
Webinar
1 -
Netskope
1 -
settings
1 -
certificate
1 -
Unique Device ID
1 -
fedramp
1 -
other
1 -
Sanctioned apps
1 -
trust
1 -
Unmanaged apps
1 -
SWG
1 -
MacOS
1 -
configuration
1 -
Managed apps
1 -
Netskope Endpoint Client
1 -
ztna
1 -
VDI
1 -
Office365
1 -
blockuploads
1 -
NPA
1 -
private access
1 -
Zero Trust
1 -
VMware
1 -
UPD errors and nsClientFLow
1 -
Compromised Credentials
1 -
Facebook
1 -
Reporting
1 -
Azure-AD
1 -
whatsapp app
1 -
malware
1 -
policy
1 -
Messenger
1 -
Sharepoint
1 -
googledocs
1 -
security posture check
1 -
ServiceNow
1 -
sku
1 -
Onedrive
1 -
data usage
1 -
APIv2
1 -
Outlook
1 -
version
1 -
application assessment request
1 -
AutoUpdate
1 -
roles
1 -
HTTP Header Profile
1 -
steer traffic
1 -
Privileges
1 -
Real time protection
1 -
Support
1 -
questions
1 -
policies
1 -
Office 365
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In