0 Replies Latest reply on Nov 21, 2011 8:15 AM by clausonna

    Permit WebEx pre-recorded sessions (solved)


      Hi folks,


      Many moons ago we had whitelisted *.webex.com from the HTTPS proxy in order to allow real-time WebEx sessions.  A few days ago I got a trouble ticket for a user who was unable to access pre-recorded WebEx sessions.  When I looked in the logs, there were lots of CONNECTs to *.webex.com (which worked) but also a CONNECT to just a straight IP address.


      This document from Webex explains that you need to also whitelist by their IP address:

      http://support.webex.com/SelfServiceWeb/portlets/ViewArticle/showSingleArticle.d o?_articleId=WBX264


      I opened a case with McAfee TAC and they confirmed that I needed to whitelist by IP address as well.  As there are multiple CIDR subnets witjh /19's and /20's you can't just do (for example) 192.168.*.*


      Here's a current list (as of Nov 2011) of the WebEx subnets and their RegEx's:


      SubnetCidrRangeRegeXWG Regex /1964.68.96.0 -\.68\.(9[6-9]|1[01][0-9]|12[0-7])64.68.(9[6-9]|1[01][0-9]|12[0-7]).* /2066.114.160.0 - 66\.114\.1(6[0-9]|7[1-5])66.114.1(6[0-9]|7[0-5]).* /2066.163.32.0 -\.163\.(3[2-9]|4[0-7)66.163.(3[2-9]|4[0-7).* /19209.197.192.0 - 209\.197\.(19[2-9]|2[01][0-9]|22[0-3])209.197.(19[2-9]|2[01][0-9]|22[0-3]).* /24208.8.81.0 - 208\.8\.81\.0208.8.81.* /20 - 210\.4\.(19[2-9]|20[0-7])210.4.(19[2-9]|20[0-7]).* /1862.109.192.0 - 62\.109\.(19[2-9]|2[0-4][0-9]|25[0-5])62.109.(19[2-9]|2[0-4][0-9]|25[0-5]).* /20173.243.0.0 - 173\.243\.([0-9)|1[0-5])173.243.([0-9)|1[0-5]).* /19114.29.192.0 - 114\.29\.(19[2-9]|2[01][0-9]|22[0-3])114.29.(19[2-9]|2[01][0-9]|22[0-3]).*


      I included the 'real' Regex as well (which escape the . with \'s) just in case you want to test on regular sites.


      For ease of pasting, here's just the list of for the web gateways:











      Kudos to this guy for posting his CIDR Regex:

      scrutin.wordpress.com/2007/03/26/regex-shortcuts-for-working-with-classless-inte rnet-domain-routing-cidr/


      Also, I should note that the WebEx support doc lists a whole bunch of ports you need to open on your firewall.  Other than 80, 443, and 53, I do not have the other ports open.


      I assume WebEx will update their subnet list at some point.  So please check that initial WebEx support URL first.


      Good luck!