clausonna
Level 9

Permit WebEx pre-recorded sessions (solved)

Hi folks,

Many moons ago we had whitelisted *.webex.com from the HTTPS proxy in order to allow real-time WebEx sessions.  A few days ago I got a trouble ticket for a user who was unable to access pre-recorded WebEx sessions.  When I looked in the logs, there were lots of CONNECTs to *.webex.com (which worked) but also a CONNECT to just a straight IP address.

This document from Webex explains that you need to also whitelist by their IP address:

http://support.webex.com/SelfServiceWeb/portlets/ViewArticle/showSingleArticle.do?_articleId=WBX264

I opened a case with McAfee TAC and they confirmed that I needed to whitelist by IP address as well.  As there are multiple CIDR subnets with /19's and /20's you can't just do (for example) 192.168.*.*

Here's a current list (as of Nov 2011) of the WebEx subnets and their RegEx's:

Subnet         CIDR  Range                            RegEx                                   WG Regex
64.68.96.0     /19   64.68.96.0 - 64.68.127.255       64\.68\.(9[6-9]|1[01][0-9]|12[0-7])     64.68.(9[6-9]|1[01][0-9]|12[0-7]).*
66.114.160.0   /20   66.114.160.0 - 66.114.175.255    66\.114\.1(6[0-9]|7[0-5])               66.114.1(6[0-9]|7[0-5]).*
66.163.32.0    /20   66.163.32.0 - 66.163.47.255      66\.163\.(3[2-9]|4[0-7])                66.163.(3[2-9]|4[0-7]).*
209.197.192.0  /19   209.197.192.0 - 209.197.223.255  209\.197\.(19[2-9]|2[01][0-9]|22[0-3])  209.197.(19[2-9]|2[01][0-9]|22[0-3]).*
208.8.81.0     /24   208.8.81.0 - 208.8.81.255        208\.8\.81\.                            208.8.81.*
210.4.192.0    /20   210.4.192.0 - 210.4.207.255      210\.4\.(19[2-9]|20[0-7])               210.4.(19[2-9]|20[0-7]).*
62.109.192.0   /18   62.109.192.0 - 62.109.255.255    62\.109\.(19[2-9]|2[0-4][0-9]|25[0-5])  62.109.(19[2-9]|2[0-4][0-9]|25[0-5]).*
173.243.0.0    /20   173.243.0.0 - 173.243.15.255     173\.243\.([0-9]|1[0-5])                173.243.([0-9]|1[0-5]).*
114.29.192.0   /19   114.29.192.0 - 114.29.223.255    114\.29\.(19[2-9]|2[01][0-9]|22[0-3])   114.29.(19[2-9]|2[01][0-9]|22[0-3]).*

I included the 'real' Regex as well (which escapes the . with \'s) just in case you want to test on regular sites.

For ease of pasting, here's just the list for the web gateways:

64.68.(9[6-9]|1[01][0-9]|12[0-7]).*

66.114.1(6[0-9]|7[0-5]).*

66.163.(3[2-9]|4[0-7]).*

209.197.(19[2-9]|2[01][0-9]|22[0-3]).*

208.8.81.*

210.4.(19[2-9]|20[0-7]).*

62.109.(19[2-9]|2[0-4][0-9]|25[0-5]).*

173.243.([0-9]|1[0-5]).*

114.29.(19[2-9]|2[01][0-9]|22[0-3]).*

Kudos to this guy for posting his CIDR Regex:

scrutin.wordpress.com/2007/03/26/regex-shortcuts-for-working-with-classless-internet-domain-routing-cidr/

Also, I should note that the WebEx support doc lists a whole bunch of ports you need to open on your firewall.  Other than 80, 443, and 53, I do not have the other ports open.

I assume WebEx will update their subnet list at some point.  So please check that initial WebEx support URL first.

Good luck!

Neil

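A check of the subnet patterns from the post against their CIDR blocks, as an added example that is not part of the original post. It uses Python's `ipaddress` module; the `TAIL` suffix that pins each pattern to the last octet is an assumption of this example, not McAfee Web Gateway syntax.

```python
import ipaddress
import re

# (CIDR, regex for the leading octets) from the post's table, brackets balanced.
WEBEX = [
    ("64.68.96.0/19", r"64\.68\.(9[6-9]|1[01][0-9]|12[0-7])"),
    ("66.114.160.0/20", r"66\.114\.1(6[0-9]|7[0-5])"),
    ("66.163.32.0/20", r"66\.163\.(3[2-9]|4[0-7])"),
    ("209.197.192.0/19", r"209\.197\.(19[2-9]|2[01][0-9]|22[0-3])"),
    ("208.8.81.0/24", r"208\.8\.81"),
    ("210.4.192.0/20", r"210\.4\.(19[2-9]|20[0-7])"),
    ("62.109.192.0/18", r"62\.109\.(19[2-9]|2[0-4][0-9]|25[0-5])"),
    ("173.243.0.0/20", r"173\.243\.([0-9]|1[0-5])"),
    ("114.29.192.0/19", r"114\.29\.(19[2-9]|2[01][0-9]|22[0-3])"),
]

# Assumption of this example: finish each pattern with the last octet and "$".
TAIL = r"\.[0-9]{1,3}$"


def check(cidr, prefix, anchored):
    """Return (missed, extra) for one entry.

    missed: addresses inside the CIDR that the regex rejects.
    extra:  addresses outside the CIDR that the regex accepts.
    Every subnet here is /18 to /24, so the third octet decides membership
    and one probe address per third-octet value is enough.
    """
    net = ipaddress.ip_network(cidr)
    rx = re.compile(prefix + (TAIL if anchored else ""))
    a, b = str(net.network_address).split(".")[:2]
    missed, extra = [], []
    for third in range(256):
        ip = f"{a}.{b}.{third}.1"
        inside = ipaddress.ip_address(ip) in net
        matched = rx.match(ip) is not None  # match() pins the start only
        if inside and not matched:
            missed.append(ip)
        elif matched and not inside:
            extra.append(ip)
    return missed, extra


def audit(anchored):
    """Map each CIDR to (missed count, extra count)."""
    return {c: tuple(map(len, check(c, p, anchored))) for c, p in WEBEX}


if __name__ == "__main__":
    for mode in (False, True):
        print("anchored" if mode else "prefix only", audit(mode))
```

Run prefix-only, the 173.243 pattern also accepts third octets 16 to 255, because `[0-9]` on its own matches the first digit of any octet. With the octet pinned by `TAIL`, every pattern matches exactly its CIDR block.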