Bypassing Zoom Traffic for Stability

  • 23 February 2023
  • 4 replies
  • 88 views

Userlevel 4
Badge +16

Multiple users have reported issues with the stability of Zoom, as well as the performance of the application itself. Common complaints or issues relating to audio dropping, audio quality, and screen redraws or slowness painting the screen. Due to these issues, as seen traversing a proxy, it is recommended that Zoom traffic be bypassed and go directly to the destination, at least for real-time traffic. 

We do recommend using our Next Generation API Data Protection for Zoom. With its current release, audit events, standard user behavior analytics alerts in Skope IT, and DLP alerts may be seen in the tenant. Future improvements to API data protection includes, threat protection, inventory and dashboard remediation actions, and retroscan.

Instructions

The following instruction set allows you to bypass Zoom traffic using the Netskope Client’s  real-time traffic steering method.

  1. Go to https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-settings and locate the section for “Zoom firewall rules”.
  2. Create Cloud Firewall applications to be bypassed.
    1. Use the hosts listed in the “Zoom firewall rules” section in addition to “zoom.ada.support” to create a CFW app to bypass connections from all Zoom clients on TCP ports 80 and 443.

      NOTE: “zoom.ada.support” is bypassed for support of ADA accessibility.

    2. Use the IP addresses in the “Zoom firewall rules” section to create a CFW app to bypass TCP connections on TCP ports 443, 8801, and 8802.
    3. Use the IP address in the “Zoom firewall rules” section to create a CFW app to bypass UDP connections to UDP ports 3478, 3479, and 8801 - 8810.
    4. Use the hosts listed in the “Firewall rules for certificate validation” section to create a CFW app to bypass certificate verification sites.
  3. Update steering configurations to bypass the CFW applications.

You will need to check the Zoom site for network firewall settings on a regular basis.  Zoom updates the site without notice and has seen the list grow and shrink as they make changes.

 


4 replies

Userlevel 4
Badge +16

updated list of ip's in csv

3.7.35.0/25,
3.21.137.128/25,
3.22.11.0/24,
3.23.93.0/24,
3.25.41.128/25,
3.25.42.0/25,
3.25.49.0/24,
3.80.20.128/25,
3.96.19.0/24,
3.101.32.128/25,
3.101.52.0/25,
3.104.34.128/25,
3.120.121.0/25,
3.127.194.128/25,
3.208.72.0/25,
3.211.241.0/25,
3.235.69.0/25,
3.235.71.128/25,
3.235.72.128/25,
3.235.73.0/25,
3.235.82.0/23,
3.235.96.0/23,
4.34.125.128/25,
4.35.64.128/25,
8.5.128.0/23,
13.52.6.128/25,
13.52.146.0/25,
15.220.80.0/24,
15.220.81.0/25,
16.63.29.0/24,
16.63.30.0/24,
18.157.88.0/24,
18.205.93.128/25,
18.254.23.128/25,
18.254.61.0/25,
20.203.158.80/28,
20.203.190.192/26,
50.239.202.0/23,
50.239.204.0/24,
52.61.100.128/25,
52.84.151.0/24,
52.202.62.192/26,
52.215.168.0/25,
64.125.62.0/24,
64.211.144.0/24,
64.224.32.0/19,
65.39.152.0/24,
69.174.57.0/24,
69.174.108.0/22,
99.79.20.0/25,
101.36.167.0/24,
101.36.170.0/23,
103.122.166.0/23,
111.33.115.0/25,
111.33.181.0/25,
115.110.154.192/26,
115.114.56.192/26,
115.114.115.0/26,
115.114.131.0/26,
120.29.148.0/24,
129.151.1.128/27,
129.151.1.192/27,
129.151.2.0/27,
129.151.3.160/27,
129.151.7.96/27,
129.151.11.64/27,
129.151.11.128/27,
129.151.12.0/27,
129.151.13.64/27,
129.151.15.224/27,
129.151.16.0/27,
129.151.31.224/27,
129.151.40.0/25,
129.151.40.160/27,
129.151.40.192/27,
129.151.41.0/25,
129.151.41.192/26,
129.151.42.0/27,
129.151.42.64/27,
129.151.42.128/26,
129.151.42.224/27,
129.151.43.0/27,
129.151.43.64/26,
129.151.48.0/27,
129.151.48.160/27,
129.151.49.0/26,
129.151.49.96/27,
129.151.49.128/27,
129.151.49.192/26,
129.151.50.0/27,
129.151.50.64/27,
129.151.52.128/26,
129.151.53.32/27,
129.151.53.224/27,
129.151.55.32/27,
129.151.56.32/27,
129.151.57.32/27,
129.151.60.192/27,
129.159.2.32/27,
129.159.2.192/27,
129.159.3.0/24,
129.159.4.0/23,
129.159.6.0/27,
129.159.6.96/27,
129.159.6.128/26,
129.159.6.192/27,
129.159.160.0/26,
129.159.160.64/27,
129.159.163.0/26,
129.159.163.160/27,
129.159.208.0/21,
129.159.216.0/26,
129.159.216.64/27,
129.159.216.128/26,
130.61.164.0/22,
132.226.176.0/25,
132.226.176.128/26,
132.226.177.96/27,
132.226.177.128/25,
132.226.178.0/27,
132.226.178.128/27,
132.226.178.224/27,
132.226.179.0/27,
132.226.179.64/27,
132.226.180.128/27,
132.226.183.160/27,
132.226.185.192/27,
134.224.0.0/16,
140.238.128.0/24,
140.238.232.0/22,
144.195.0.0/16,
147.124.96.0/19,
149.137.0.0/17,
150.230.224.0/25,
150.230.224.128/26,
150.230.224.224/27,
152.67.20.0/24,
152.67.118.0/24,
152.67.168.0/22,
152.67.180.0/24,
152.67.184.32/27,
152.67.240.0/21,
152.70.0.0/25,
152.70.0.128/26,
152.70.0.224/27,
152.70.1.0/25,
152.70.1.128/26,
152.70.1.192/27,
152.70.2.0/26,
152.70.7.192/27,
152.70.10.32/27,
152.70.224.32/27,
152.70.224.64/26,
152.70.224.160/27,
152.70.224.192/27,
152.70.225.0/25,
152.70.225.160/27,
152.70.225.192/27,
152.70.226.0/27,
152.70.227.96/27,
152.70.227.192/27,
152.70.228.0/27,
152.70.228.64/27,
152.70.228.128/27,
156.45.0.0/17,
158.101.64.0/24,
158.101.184.0/23,
158.101.186.0/25,
158.101.186.128/27,
158.101.186.192/26,
158.101.187.0/25,
158.101.187.160/27,
158.101.187.192/26,
159.124.0.0/16,
160.1.56.128/25,
161.199.136.0/22,
162.12.232.0/22,
162.255.36.0/22,
165.254.88.0/23,
166.108.64.0/18,
168.138.16.0/22,
168.138.48.0/24,
168.138.56.0/21,
168.138.72.0/24,
168.138.74.0/25,
168.138.80.0/25,
168.138.80.128/26,
168.138.80.224/27,
168.138.81.0/24,
168.138.82.0/23,
168.138.84.0/25,
168.138.84.128/27,
168.138.84.192/26,
168.138.85.0/24,
168.138.86.0/23,
168.138.96.0/22,
168.138.116.0/27,
168.138.116.64/27,
168.138.116.128/27,
168.138.116.224/27,
168.138.117.0/27,
168.138.117.96/27,
168.138.117.128/27,
168.138.118.0/27,
168.138.118.160/27,
168.138.118.224/27,
168.138.119.0/27,
168.138.119.128/27,
168.138.244.0/24,
170.114.0.0/16,
173.231.80.0/20,
192.204.12.0/22,
193.122.16.0/25,
193.122.16.192/27,
193.122.17.0/26,
193.122.17.64/27,
193.122.17.224/27,
193.122.18.32/27,
193.122.18.64/26,
193.122.18.160/27,
193.122.18.192/27,
193.122.19.0/27,
193.122.19.160/27,
193.122.19.192/27,
193.122.20.224/27,
193.122.21.96/27,
193.122.32.0/21,
193.122.40.0/22,
193.122.44.0/24,
193.122.45.32/27,
193.122.45.64/26,
193.122.45.128/25,
193.122.46.0/23,
193.122.208.96/27,
193.122.216.32/27,
193.122.222.0/27,
193.122.223.128/27,
193.122.226.160/27,
193.122.231.192/27,
193.122.232.160/27,
193.122.237.64/27,
193.122.244.160/27,
193.122.244.224/27,
193.122.245.0/27,
193.122.247.96/27,
193.122.252.192/27,
193.123.0.0/19,
193.123.40.0/21,
193.123.128.0/19,
193.123.168.0/21,
193.123.192.224/27,
193.123.193.0/27,
193.123.193.96/27,
193.123.194.96/27,
193.123.194.128/27,
193.123.194.224/27,
193.123.195.0/27,
193.123.196.0/27,
193.123.196.192/27,
193.123.197.0/27,
193.123.197.64/27,
193.123.198.64/27,
193.123.198.160/27,
193.123.199.64/27,
193.123.200.128/27,
193.123.201.32/27,
193.123.201.224/27,
193.123.202.64/27,
193.123.202.128/26,
193.123.203.0/27,
193.123.203.160/27,
193.123.203.192/27,
193.123.204.0/27,
193.123.204.64/27,
193.123.205.64/26,
193.123.205.128/27,
193.123.206.32/27,
193.123.206.128/27,
193.123.207.32/27,
193.123.208.160/27,
193.123.209.0/27,
193.123.209.96/27,
193.123.210.64/27,
193.123.211.224/27,
193.123.212.128/27,
193.123.215.192/26,
193.123.216.64/27,
193.123.216.128/27,
193.123.217.160/27,
193.123.219.64/27,
193.123.220.224/27,
193.123.222.64/27,
193.123.222.224/27,
198.251.128.0/17,
202.177.207.128/27,
203.200.219.128/27,
204.80.104.0/21,
204.141.28.0/22,
206.247.0.0/16,
207.226.132.0/24,
209.9.211.0/24,
209.9.215.0/24,
213.19.144.0/24,
213.19.153.0/24,
213.244.140.0/24,
221.122.63.0/24,
221.122.64.0/24,
221.122.88.64/27,
221.122.88.128/25,
221.122.89.128/25,
221.123.139.192/27

Userlevel 2
Badge +6

Are you getting reports about google meet issues as well?  I have a remote workforce that is steering all traffic to netskope with some complaining about degradation of google meet conferencing and screen sharing when netskope is on. I have a support ticket open with netskope.  I’ve found an article with google stating that traffic should be split in presence of vpn, is that the case?  I don’t see any documentation here or in the support portal.  Thanks. 

Userlevel 4
Badge +16

It depends on what you have licensed as well as enabled in the tenant for CASB, Web, and/or CFW.  I would analyze what logs you are seeing on the clients nsdebuglog.log file to determine what the client is or isn't steering.  Then look into the app and page events to see how the traffic is processed within the proxies.  There has been an occasion where an alert is thrown in the tenant that references a policy hit and interrupts the traffic flowing for the endpoint.

 

I have not heard of issues with Google Meet needing to be bypassed nor Microsoft Teams as well.

Userlevel 2
Badge +6

Hi @stevan , we have all 3 skus and steering all traffic. 

Here is another article about Teams in this forum

Reply