Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 35383 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebEx Bypass HTTPS Scanning on a Sophos UTM

RichardOsborn

Hi, I'm running Sophos UTM 9 with decrypt and scan HTTPS traffic enabled.

WebEx works fine when I turn off SSL Scanning for a machine, but I'm having trouble find all the URLs that WebEx uses; so that I can exclude them from the SSL Scanning.

Below are all the URLs that I have found within the Web Filtering logs.

^.*\.webex\.com
^.*\.webexconnect\.com
^.*\.ciscowebex\.com
https://62.109.231.15/ 
https://webex.tt.omtrdc.net/

I have created a rule to exclude these URLs from the SSL Scanning but WebEx still doesn't work. I can't see anymore URL present in the logs or see anything being block in the Firewall, Application Control or Intrusion Prevention System logs.

Have I missed something here? Has anyone else got WebEx working through a Sophos UTM with HTTPS Decrypt and Scan enabled?

Any help is appreciated.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to sachingurung

    Thanks for the quick response,

    I configured a 'Filtering Option' rule with just 'SSL Scanning' excluded and use the 'Matching these URLs' for the filter with the above URLs.  

    These are all the URLs that I could find in the Web Filtering log related to WebEx.

    url="https://meetingsln.webex.com/"
    url="https://ed1chcbmm100.webex.com/"
    url="https://ed1txcbmm80.webex.com/"
    url="https://ed1hkcbmm70.webex.com/"
    url="https://imln6.ciscowebex.com/"
    url="https://ed1sjcbmm10.webex.com/"
    url="https://62.109.231.15/"
    url="https://dms-eu.webexconnect.com/"
    url="https://webex.tt.omtrdc.net/"

    I'm fairly certain that they are matched by my rule as they all have an exceptions="ssl" next to them in the log.

  • 0 in reply to RichardOsborn

    Hi Richard,

    Go to Web Protection > Filter options> Filter action> policies> Website and add the following RegEx in the allowed list.

    ^https?://([A-Za-z0-9.-]*\.)?meetingsln\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1chcbmm100\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1txcbmm80\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1hkcbmm70\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?imln6\.ciscowebex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?ed1sjcbmm10\.webex\.com/
    ^https?://([A-Za-z0-9.-]*\.)?62\.109\.231\.15/
    ^https?://([A-Za-z0-9.-]*\.)?dms-eu\.webexconnect\.com/
    ^https?://([A-Za-z0-9.-]*\.)?webex\.tt\.omtrdc\.net/

    Hope that helps:)

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Thanks for the suggestion,

    But sadly this hasn't worked as WebEx is still seeing the certificate being issued by the Sophos UTM (when it switches the certificate during the SSL scanning) instead of a webex.com issued certificate. Do you have any another suggestions?

    Many Thanks.

       

  • 0 in reply to RichardOsborn

    Hi, Richard, and welcome to the UTM Community!

    If WebEx is detecting a man-in-the-middle, then the only solution is to skip the Proxy altogether for those accesses.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML