Cisco Cisco Web Security Appliance S670 Guia De Resolução De Problemas

Contributed by Karl Young and Siddharth Rajpathak, Cisco TAC
Engineers.

Jul 31, 2014

Webex shared applications do not display when decrypted by the WSA

Symptoms: When using Webex application / desktop sharing and WSA HTTPS decryption, the sharing does
not work. Webex hangs with no errors.

Not all applications that use standardized HTTPS over port 443 are using proper HTTP over SSL. Webex uses
a custom streaming protocol over SSL that is not pure HTTP. Cisco Web Security appliance (WSA) expects
all traffic over port 443 to be pure HTTPS traffic especially when the traffic is being decrypted. Hence,
decrypting WebEx traffic can potentially cause problems or connection failures.

In order to workaround this issue, Webex must be set to HTTPS "Passthrough" instead of decrypt in the
decryption policies.

Please use the instructions below for configuring 'Passthrough' action for WebEx traffic:

A custom URL category will need to be created in order to match the webex servers. This category can then
be set in the HTTPS decryption policies to prevent Webex from being decrypted.

Under "Web Security Manager" > "Custom URL Categories" , click on the "Add Custom Url
Category..." button.

1. 

Give the new category a name and the following values: ".webex.com, webex.com"

2. 

Click the "Submit" button.

3. 

Under "Web Security Manager" > "HTTPS Decryption Policies", click the "URL Categories" for
the approriate policy group.

4. 

Locate the custom category and select the "Pass Through" action.

5. 

Click the "Submit" button & then commit the changes

6. 

In the AsyncOS for Web 7.x and above, WSA provides the ability to identify and control WebEx traffic