Hi. Is this documented anywhere? I’ve searched…. What about zoom or google meet? I have cloud firewall and no one mentioned we need to do this in our onboarding and now we’re having issues with google meet in particular. I have a ticket open. It would be great to see a best practices document around web conferencing / VoIP steering and if what exceptions / cloud firewall rules are needed
I have not seen evidence of Netskope's ability to steer web conferencing applications properly. The strange thing is it does not appear to affect everyone. The common issue is dropped calls or the inability to open applications when steered through Netskope.
We have bypasses for the following:
I think web conferencing apps using TCP and UDP simultaneously could be causing the issues. If I'm not mistaken, Netskope does not steer UDP traffic. The Netskope client is supposed to distinguish between TCP and UDP traffic; however, if the application uses the same IPs for both protocols like Microsoft does for Teams, this may cause hit-and-misses by the client to make the right choice regarding steering. This is just my theory; our TAM is currently investigating our issue with Teams. Bypasses are not suitable due to losing DLP functionality for MS Teams.
Currently, there is no documentation regarding web conferencing applications and Netskope. The solution at this time is to bypass the traffic.
My apologies. I missed the critical "no" in my statement above. 🙂
That’s exactly the issue I have with google meet. Most are not complaining, but others are with same configuration/hardware stack. I have a sku with netskope where all traffic goest through it, including UDP. I was able to prove this on a client with google meet running.
2023/08/04 16:40:22.353557 stAgentNE p47814 t956187 debug tunnel.cpp:869 nsTunnel DTLS [sessId 501] Tunneling UDP flow from addr: 22.214.171.124:65534, process: google chrome helper to host: 126.96.36.199, addr: 188.8.131.52:3478 to app-fw
Right now support is having me bypass google meet IPs essentially creating split tunnel for the media traffic. But not necessarily the signaling and meet URLs. Well see real quick tomorrow morning when 180 people in meet heavy conferencing traffic experience it.
@Lockdown. Can you point me to the documentation? I must be blind or there is a 5th documentation source that I don’t know about lol. Thanks!
We had issues with Teams dropping audio calls after 10 seconds when Netskope was enabled.
If you go to the link below, Microsoft uses the same IPs for TCP and UDP for Teams. However, it appears they use different ports for the UDP traffic. Can the Netskope client determine when to use UDP vs. TCP for the IPs below?
When you get to the site, go to “Skype for Business Online and Microsoft Teams