Newcomer

Question

Ssl+ proxy

Forum|Forum|4 years ago
October 14, 2021
10 replies
0 views

Hi helpful members,

we are using superlumin firewall online our environment and we have zoom issue as it freezes and connections drops.
we never configured any udp settings or routed traffic to any supernets of IP.
The connection is using ssl+proxy. Can anybody have suggestions how to solve this

R

RajanB

Employee

Hi KSharma2

SSL+Proxy means that Zoom traffic is routed via the proxy and using port 443 (SSL). It obviously impacts user experience.

If your company policy allows it, please configure your network/firewall to directly reach out to Zoom servers (*.zoom.us) & allow UDP ports outbound as per support article below.

https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom

K

Ksharma2Author

Newcomer

Hi RajanB,

I have question in mind that I need to define the rules for udp only or for both udp and tcp. Thanks

R

RajanB

Employee

Hi KSharma2

It depends on the ports as per the support article.

For example, it states that

TCP port 8801 & 8802

UDP port 8801-8810

K

Ksharma2Author

Newcomer

No I mean for which protocol I need to define rule on my firewall

R

RajanB

Employee

KSharma2

You need to define rules for both TCP & UDP depending on which ports are used. Hopefully it answers your query.

K

Ksharma2Author

Newcomer

You means all supernets both for udp and tcp?

R

RajanB

Employee

KSharma2

Yes; for all those IP subnets/ranges defined in the support article.

K

Ksharma2Author

Newcomer

Hi rajan sorry to bother you again, I open udp traffic from inside to outside on port 8801-8810 defined in the article, still I need to define supernets? It’s too many for tcp and udp

R

RajanB

Employee

KSharma2

It depends on your environment and requirement.

In office environment, you'd normally be defining IP subnets/ranges to make it secure in addition to ports. To provide reliable and scalable solution, ZOOM has data centres all over the world & hence the need for the large numbers of IP address requirements.

Please check link below which has all these IP subnet/ranges defined in a text format required for Zoom Meetings.

https://assets.zoom.us/docs/ipranges/ZoomMeetings.txt

K

Ksharma2Author

Newcomer

So it means whether data centre is in india and I am in canada. Still needs to define those supernets

M

maverickwhites

Newcomer

Hi,

It looks like the Zoom issues might be due to traffic not being properly configured through your SSL+proxy and Superlumin firewall. Here are some quick steps to try:

Allow UDP Traffic: Zoom needs UDP on ports 3478-3481, 8801-8810, and 50000-60000. Ensure these are allowed through the firewall.
Whitelist Zoom IPs: Make sure Zoom's IP ranges (e.g., 3.120.0.0/14, 18.210.0.0/15) are whitelisted.
Check SSL Proxy: Ensure SSL inspection or proxy settings aren’t interfering with Zoom. You might need to bypass the proxy for Zoom traffic.
Consult Superlumin: Reach out to Superlumin support for specific guidance on optimizing the firewall for Zoom.

Let me know if this helps or if you need further assistance.