0 Replies Latest reply on Nov 21, 2011 8:15 AM by clausonna

    Permit WebEx pre-recorded sessions (solved)

    clausonna

      Hi folks,

       

      Many moons ago we had whitelisted *.webex.com from the HTTPS proxy in order to allow real-time WebEx sessions.  A few days ago I got a trouble ticket for a user who was unable to access pre-recorded WebEx sessions.  When I looked in the logs, there were lots of CONNECTs to *.webex.com (which worked) but also a CONNECT to just a straight IP address.

       

      This document from Webex explains that you need to also whitelist by their IP address:

      http://support.webex.com/SelfServiceWeb/portlets/ViewArticle/showSingleArticle.do?_articleId=WBX264

       

      I opened a case with McAfee TAC and they confirmed that I needed to whitelist by IP address as well.  As there are multiple CIDR subnets with /19's and /20's you can't just do (for example) 192.168.*.*

       

      Here's a current list (as of Nov 2011) of the WebEx subnets and their RegEx's:

       

      Subnet         Cidr  Range                            RegEx                                     WG Regex
      64.68.96.0     /19   64.68.96.0 - 64.68.127.255       64\.68\.(9[6-9]|1[01][0-9]|12[0-7])       64.68.(9[6-9]|1[01][0-9]|12[0-7]).*
      66.114.160.0   /20   66.114.160.0 - 66.114.175.255    66\.114\.1(6[0-9]|7[0-5])                 66.114.1(6[0-9]|7[0-5]).*
      66.163.32.0    /20   66.163.32.0 - 66.163.47.255      66\.163\.(3[2-9]|4[0-7])                  66.163.(3[2-9]|4[0-7]).*
      209.197.192.0  /19   209.197.192.0 - 209.197.223.255  209\.197\.(19[2-9]|2[01][0-9]|22[0-3])    209.197.(19[2-9]|2[01][0-9]|22[0-3]).*
      208.8.81.0     /24   208.8.81.0 - 208.8.81.255        208\.8\.81\.                              208.8.81.*
      210.4.192.0    /20   210.4.192.0 - 210.4.207.255      210\.4\.(19[2-9]|20[0-7])                 210.4.(19[2-9]|20[0-7]).*
      62.109.192.0   /18   62.109.192.0 - 62.109.255.255    62\.109\.(19[2-9]|2[0-4][0-9]|25[0-5])    62.109.(19[2-9]|2[0-4][0-9]|25[0-5]).*
      173.243.0.0    /20   173.243.0.0 - 173.243.15.255     173\.243\.([0-9]|1[0-5])                  173.243.([0-9]|1[0-5]).*
      114.29.192.0   /19   114.29.192.0 - 114.29.223.255    114\.29\.(19[2-9]|2[01][0-9]|22[0-3])     114.29.(19[2-9]|2[01][0-9]|22[0-3]).*

       

      I included the 'real' Regex as well (which escapes the . with \'s) just in case you want to test on regular sites.

       

      For ease of pasting, here's just the list for the web gateways:

      64.68.(9[6-9]|1[01][0-9]|12[0-7]).*

      66.114.1(6[0-9]|7[0-5]).*

      66.163.(3[2-9]|4[0-7]).*

      209.197.(19[2-9]|2[01][0-9]|22[0-3]).*

      208.8.81.*

      210.4.(19[2-9]|20[0-7]).*

      62.109.(19[2-9]|2[0-4][0-9]|25[0-5]).*

      173.243.([0-9]|1[0-5]).*

      114.29.(19[2-9]|2[01][0-9]|22[0-3]).*

       

      Kudos to this guy for posting his CIDR Regex:

      scrutin.wordpress.com/2007/03/26/regex-shortcuts-for-working-with-classless-internet-domain-routing-cidr/

       

      Also, I should note that the WebEx support doc lists a whole bunch of ports you need to open on your firewall.  Other than 80, 443, and 53, I do not have the other ports open.

       

      I assume WebEx will update their subnet list at some point.  So please check that initial WebEx support URL first.

       

      Good luck!

      Neil
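
An added example, not part of the original post: a Python check that compares the "real" regex for each subnet in the table against its CIDR range using the standard `ipaddress` module. The `anchored()` wrapper and the constructed probe addresses are assumptions of this example; it applies to ordinary regex engines, not to the web gateway's own pattern syntax. It shows that an unanchored form can bypass the proxy for more than intended (`173\.243\.([0-9]|1[0-5])` accepts every third octet, and `64\.68\...` also matches 164.68.x.x), while the anchored forms agree with the subnets.

```python
import ipaddress
import re

# Third-octet prefixes based on the post's table (brackets balanced, no trailing octet).
PATTERNS = {
    "64.68.96.0/19": r"64\.68\.(9[6-9]|1[01][0-9]|12[0-7])",
    "66.114.160.0/20": r"66\.114\.1(6[0-9]|7[0-5])",
    "66.163.32.0/20": r"66\.163\.(3[2-9]|4[0-7])",
    "209.197.192.0/19": r"209\.197\.(19[2-9]|2[01][0-9]|22[0-3])",
    "208.8.81.0/24": r"208\.8\.81",
    "210.4.192.0/20": r"210\.4\.(19[2-9]|20[0-7])",
    "62.109.192.0/18": r"62\.109\.(19[2-9]|2[0-4][0-9]|25[0-5])",
    "173.243.0.0/20": r"173\.243\.([0-9]|1[0-5])",
    "114.29.192.0/19": r"114\.29\.(19[2-9]|2[01][0-9]|22[0-3])",
}

def anchored(pattern):
    """Assumption of this example: pin the start, require the dot after octet 3."""
    return "^" + pattern + r"\."

def probe_blocks(net):
    """The enclosing /16, plus the /16 reached by prepending '1' to the first octet."""
    base = net.supernet(new_prefix=16)
    yield base
    try:
        yield ipaddress.ip_network("1" + str(base))
    except ValueError:
        pass  # e.g. "1209.197.0.0/16" is not a valid network

def mismatches(cidr, pattern):
    """Constructed probe addresses where the regex and the CIDR disagree."""
    net, rx, bad = ipaddress.ip_network(cidr), re.compile(pattern), []
    for block in probe_blocks(net):
        for sub in block.subnets(new_prefix=24):
            for addr in (sub[0], sub[-1]):  # first and last address of each /24
                if bool(rx.search(str(addr))) != (addr in net):
                    bad.append(str(addr))
    return bad

def audit(wrap=lambda p: p):
    """Map each subnet to the number of probe addresses its regex gets wrong."""
    return {cidr: len(mismatches(cidr, wrap(p))) for cidr, p in PATTERNS.items()}

if __name__ == "__main__":
    print("as written:", audit())
    print("anchored:  ", audit(anchored))
```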