Question:
Webex shared applications do not display when decrypted by the WSA
Symptoms: When using Webex application / desktop sharing and WSA HTTPS decryption, the sharing does not work. Webex hangs with no errors.
Not all applications that use standardized HTTPS over port 443 are using proper HTTP over SSL. Webex uses a custom streaming protocol over SSL that is not pure HTTP. Cisco Web Security appliance (WSA) expects all traffic over port 443 to be pure HTTPS traffic especially when the traffic is being decrypted. Hence, decrypting WebEx traffic can potentially cause problems or connection failures.
In order to workaround this issue, Webex must be set to HTTPS "Passthrough" instead of decrypt in the decryption policies.
Please use the instructions below for configuring 'Passthrough' action for WebEx traffic:
| Setting WebEx to HTTPS 'Passthrough' using custom category (AsyncOS versions below 7.0) |
A custom URL category will need to be created in order to match the webex servers. This category can then be set in the HTTPS decryption policies to prevent Webex from being decrypted.
- Under "Web Security Manager" > "Custom URL Categories" , click on the "Add Custom Url Category..." button.
- Give the new category a name and the following values: ".webex.com, webex.com"
- Click the "Submit" button.
- Under "Web Security Manager" > "HTTPS Decryption Policies", click the "URL Categories" for the approriate policy group.
- Locate the custom category and select the "Pass Through" action.
- Click the "Submit" button & then commit the changes
|
| Setting WebEx to bypass (AsyncOS 7.0+) |
In the AsyncOS for Web 7.x and above, WSA provides the ability to identify and control WebEx traffic directly. We do not need to create a new custom URL category in this case.
- Under "Web Security Manager" > "Bypass Settings", click on the "Edit Application Bypass Settings..." button.
- Under "Cisco WebEx" check the "Bypass Scanning" box.
- Click the "Submit" button & then commit the changes
|
Feedback