This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

Bypassing Zoom Traffic for Stability

stevan
Netskope
Netskope

‎02-23-2023 02:04 PM - last edited on ‎03-29-2023 11:08 AM by Community Manager

Multiple users have reported issues with the stability of Zoom, as well as the performance of the application itself. Common complaints or issues relating to audio dropping, audio quality, and screen redraws or slowness painting the screen. Due to these issues, as seen traversing a proxy, it is recommended that Zoom traffic be bypassed and go directly to the destination, at least for real-time traffic. 

We do recommend using our Next Generation API Data Protection for Zoom. With its current release, audit events, standard user behavior analytics alerts in Skope IT, and DLP alerts may be seen in the tenant. Future improvements to API data protection includes, threat protection, inventory and dashboard remediation actions, and retroscan.

Instructions

The following instruction set allows you to bypass Zoom traffic using the Netskope Client’s  real-time traffic steering method.

  1. Go to https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-settings and locate the section for “Zoom firewall rules”.
  2. Create Cloud Firewall applications to be bypassed.
    1. Use the hosts listed in the “Zoom firewall rules” section in addition to “zoom.ada.support” to create a CFW app to bypass connections from all Zoom clients on TCP ports 80 and 443.

      NOTE: “zoom.ada.support” is bypassed for support of ADA accessibility.

    2. Use the IP addresses in the “Zoom firewall rules” section to create a CFW app to bypass TCP connections on TCP ports 443, 8801, and 8802.
    3. Use the IP address in the “Zoom firewall rules” section to create a CFW app to bypass UDP connections to UDP ports 3478, 3479, and 8801 - 8810.
    4. Use the hosts listed in the “Firewall rules for certificate validation” section to create a CFW app to bypass certificate verification sites.
  3. Update steering configurations to bypass the CFW applications.

You will need to check the Zoom site for network firewall settings on a regular basis.  Zoom updates the site without notice and has seen the list grow and shrink as they make changes.

 

Stevan Pierce, CEH CISSP CPT
Labels:
4 Replies 4
stevan
Netskope
Netskope

‎05-26-2023 10:46 AM

updated list of ip's in csv

3.7.35.0/25,
3.21.137.128/25,
3.22.11.0/24,
3.23.93.0/24,
3.25.41.128/25,
3.25.42.0/25,
3.25.49.0/24,
3.80.20.128/25,
3.96.19.0/24,
3.101.32.128/25,
3.101.52.0/25,
3.104.34.128/25,
3.120.121.0/25,
3.127.194.128/25,
3.208.72.0/25,
3.211.241.0/25,
3.235.69.0/25,
3.235.71.128/25,
3.235.72.128/25,
3.235.73.0/25,
3.235.82.0/23,
3.235.96.0/23,
4.34.125.128/25,
4.35.64.128/25,
8.5.128.0/23,
13.52.6.128/25,
13.52.146.0/25,
15.220.80.0/24,
15.220.81.0/25,
16.63.29.0/24,
16.63.30.0/24,
18.157.88.0/24,
18.205.93.128/25,
18.254.23.128/25,
18.254.61.0/25,
20.203.158.80/28,
20.203.190.192/26,
50.239.202.0/23,
50.239.204.0/24,
52.61.100.128/25,
52.84.151.0/24,
52.202.62.192/26,
52.215.168.0/25,
64.125.62.0/24,
64.211.144.0/24,
64.224.32.0/19,
65.39.152.0/24,
69.174.57.0/24,
69.174.108.0/22,
99.79.20.0/25,
101.36.167.0/24,
101.36.170.0/23,
103.122.166.0/23,
111.33.115.0/25,
111.33.181.0/25,
115.110.154.192/26,
115.114.56.192/26,
115.114.115.0/26,
115.114.131.0/26,
120.29.148.0/24,
129.151.1.128/27,
129.151.1.192/27,
129.151.2.0/27,
129.151.3.160/27,
129.151.7.96/27,
129.151.11.64/27,
129.151.11.128/27,
129.151.12.0/27,
129.151.13.64/27,
129.151.15.224/27,
129.151.16.0/27,
129.151.31.224/27,
129.151.40.0/25,
129.151.40.160/27,
129.151.40.192/27,
129.151.41.0/25,
129.151.41.192/26,
129.151.42.0/27,
129.151.42.64/27,
129.151.42.128/26,
129.151.42.224/27,
129.151.43.0/27,
129.151.43.64/26,
129.151.48.0/27,
129.151.48.160/27,
129.151.49.0/26,
129.151.49.96/27,
129.151.49.128/27,
129.151.49.192/26,
129.151.50.0/27,
129.151.50.64/27,
129.151.52.128/26,
129.151.53.32/27,
129.151.53.224/27,
129.151.55.32/27,
129.151.56.32/27,
129.151.57.32/27,
129.151.60.192/27,
129.159.2.32/27,
129.159.2.192/27,
129.159.3.0/24,
129.159.4.0/23,
129.159.6.0/27,
129.159.6.96/27,
129.159.6.128/26,
129.159.6.192/27,
129.159.160.0/26,
129.159.160.64/27,
129.159.163.0/26,
129.159.163.160/27,
129.159.208.0/21,
129.159.216.0/26,
129.159.216.64/27,
129.159.216.128/26,
130.61.164.0/22,
132.226.176.0/25,
132.226.176.128/26,
132.226.177.96/27,
132.226.177.128/25,
132.226.178.0/27,
132.226.178.128/27,
132.226.178.224/27,
132.226.179.0/27,
132.226.179.64/27,
132.226.180.128/27,
132.226.183.160/27,
132.226.185.192/27,
134.224.0.0/16,
140.238.128.0/24,
140.238.232.0/22,
144.195.0.0/16,
147.124.96.0/19,
149.137.0.0/17,
150.230.224.0/25,
150.230.224.128/26,
150.230.224.224/27,
152.67.20.0/24,
152.67.118.0/24,
152.67.168.0/22,
152.67.180.0/24,
152.67.184.32/27,
152.67.240.0/21,
152.70.0.0/25,
152.70.0.128/26,
152.70.0.224/27,
152.70.1.0/25,
152.70.1.128/26,
152.70.1.192/27,
152.70.2.0/26,
152.70.7.192/27,
152.70.10.32/27,
152.70.224.32/27,
152.70.224.64/26,
152.70.224.160/27,
152.70.224.192/27,
152.70.225.0/25,
152.70.225.160/27,
152.70.225.192/27,
152.70.226.0/27,
152.70.227.96/27,
152.70.227.192/27,
152.70.228.0/27,
152.70.228.64/27,
152.70.228.128/27,
156.45.0.0/17,
158.101.64.0/24,
158.101.184.0/23,
158.101.186.0/25,
158.101.186.128/27,
158.101.186.192/26,
158.101.187.0/25,
158.101.187.160/27,
158.101.187.192/26,
159.124.0.0/16,
160.1.56.128/25,
161.199.136.0/22,
162.12.232.0/22,
162.255.36.0/22,
165.254.88.0/23,
166.108.64.0/18,
168.138.16.0/22,
168.138.48.0/24,
168.138.56.0/21,
168.138.72.0/24,
168.138.74.0/25,
168.138.80.0/25,
168.138.80.128/26,
168.138.80.224/27,
168.138.81.0/24,
168.138.82.0/23,
168.138.84.0/25,
168.138.84.128/27,
168.138.84.192/26,
168.138.85.0/24,
168.138.86.0/23,
168.138.96.0/22,
168.138.116.0/27,
168.138.116.64/27,
168.138.116.128/27,
168.138.116.224/27,
168.138.117.0/27,
168.138.117.96/27,
168.138.117.128/27,
168.138.118.0/27,
168.138.118.160/27,
168.138.118.224/27,
168.138.119.0/27,
168.138.119.128/27,
168.138.244.0/24,
170.114.0.0/16,
173.231.80.0/20,
192.204.12.0/22,
193.122.16.0/25,
193.122.16.192/27,
193.122.17.0/26,
193.122.17.64/27,
193.122.17.224/27,
193.122.18.32/27,
193.122.18.64/26,
193.122.18.160/27,
193.122.18.192/27,
193.122.19.0/27,
193.122.19.160/27,
193.122.19.192/27,
193.122.20.224/27,
193.122.21.96/27,
193.122.32.0/21,
193.122.40.0/22,
193.122.44.0/24,
193.122.45.32/27,
193.122.45.64/26,
193.122.45.128/25,
193.122.46.0/23,
193.122.208.96/27,
193.122.216.32/27,
193.122.222.0/27,
193.122.223.128/27,
193.122.226.160/27,
193.122.231.192/27,
193.122.232.160/27,
193.122.237.64/27,
193.122.244.160/27,
193.122.244.224/27,
193.122.245.0/27,
193.122.247.96/27,
193.122.252.192/27,
193.123.0.0/19,
193.123.40.0/21,
193.123.128.0/19,
193.123.168.0/21,
193.123.192.224/27,
193.123.193.0/27,
193.123.193.96/27,
193.123.194.96/27,
193.123.194.128/27,
193.123.194.224/27,
193.123.195.0/27,
193.123.196.0/27,
193.123.196.192/27,
193.123.197.0/27,
193.123.197.64/27,
193.123.198.64/27,
193.123.198.160/27,
193.123.199.64/27,
193.123.200.128/27,
193.123.201.32/27,
193.123.201.224/27,
193.123.202.64/27,
193.123.202.128/26,
193.123.203.0/27,
193.123.203.160/27,
193.123.203.192/27,
193.123.204.0/27,
193.123.204.64/27,
193.123.205.64/26,
193.123.205.128/27,
193.123.206.32/27,
193.123.206.128/27,
193.123.207.32/27,
193.123.208.160/27,
193.123.209.0/27,
193.123.209.96/27,
193.123.210.64/27,
193.123.211.224/27,
193.123.212.128/27,
193.123.215.192/26,
193.123.216.64/27,
193.123.216.128/27,
193.123.217.160/27,
193.123.219.64/27,
193.123.220.224/27,
193.123.222.64/27,
193.123.222.224/27,
198.251.128.0/17,
202.177.207.128/27,
203.200.219.128/27,
204.80.104.0/21,
204.141.28.0/22,
206.247.0.0/16,
207.226.132.0/24,
209.9.211.0/24,
209.9.215.0/24,
213.19.144.0/24,
213.19.153.0/24,
213.244.140.0/24,
221.122.63.0/24,
221.122.64.0/24,
221.122.88.64/27,
221.122.88.128/25,
221.122.89.128/25,
221.123.139.192/27

Stevan Pierce, CEH CISSP CPT
0 Likes
mdmeow12123
New Contributor II

‎08-05-2023 01:03 AM - edited ‎08-05-2023 01:05 AM

Are you getting reports about google meet issues as well?  I have a remote workforce that is steering all traffic to netskope with some complaining about degradation of google meet conferencing and screen sharing when netskope is on. I have a support ticket open with netskope.  I’ve found an article with google stating that traffic should be split in presence of vpn, is that the case?  I don’t see any documentation here or in the support portal.  Thanks. 

0 Likes
stevan
Netskope
Netskope
In response to mdmeow12123

‎08-09-2023 12:53 PM

It depends on what you have licensed as well as enabled in the tenant for CASB, Web, and/or CFW.  I would analyze what logs you are seeing on the clients nsdebuglog.log file to determine what the client is or isn't steering.  Then look into the app and page events to see how the traffic is processed within the proxies.  There has been an occasion where an alert is thrown in the tenant that references a policy hit and interrupts the traffic flowing for the endpoint.

 

I have not heard of issues with Google Meet needing to be bypassed nor Microsoft Teams as well.

Stevan Pierce, CEH CISSP CPT
0 Likes
mdmeow12123
New Contributor II

‎08-09-2023 01:21 PM

Hi @stevan , we have all 3 skus and steering all traffic. 

Here is another article about Teams in this forum

0 Likes
Subscribe

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In