Exclude all Zoom traffic from GlobalProtect VPN

Reply
Highlighted
L2 Linker

Re: Exclude all Zoom traffic from GlobalProtect VPN

I finally found the solution. On our case, having the Zoom binary in %AppData% was making the split tunnel not working correctly and Zoom UDP/8801 traffic was sent through the tunnel.

 

We end up deploying the Zoom package centrally with SCCM to al laptops. Now, with Zoom on C:\Prgoram Files x86 the Zoom exclusion by Process is doing the trick finally.

View solution in original post

Highlighted
L4 Transporter

Re: Exclude all Zoom traffic from GlobalProtect VPN

thank you for sharing the solution. It really helps


~ Sai Srivastava Tumuluri ~
Highlighted
L0 Member

Re: Exclude all Zoom traffic from GlobalProtect VPN

Hi I resolved this setting as follows:  We need to add CptHost.exe to offload UDP 8801.

%USERPROFILE%\AppData\Roaming\Zoom\bin\Zoom.exe
%USERPROFILE%\AppData\Roaming\Zoom\bin\CptHost.exe

 

Highlighted
L1 Bithead

Re: Exclude all Zoom traffic from GlobalProtect VPN

We are still having traffic flowing through even after excluding everything suggested in this thread. Seeing 8801/8802 in logs.

Screen Shot 2020-05-05 at 12.45.16 PM.pngScreen Shot 2020-05-05 at 12.46.43 PM.png

 

Also excluded the below per @togase's suggestion.

 

%USERPROFILE%\AppData\Roaming\Zoom\bin\Zoom.exe
%USERPROFILE%\AppData\Roaming\Zoom\bin\CptHost.exe

Highlighted
L2 Linker

Re: Exclude all Zoom traffic from GlobalProtect VPN

HI!

 

For Zoom domain excluded. So far it is not working. Symptom is not stable some client works and then stopped when they go zoom from Browser. It will not display. Case is on engineering team. If anyone got excluded domain working and stable. Please share your comments

 

Thank you

 

Daniel

Highlighted
L0 Member

Re: Exclude all Zoom traffic from GlobalProtect VPN

Appreciate the information. Using this I was finally able to fully split both tcp 443 and udp 8801 traffic for Windows users. For Mac users I have 443 traffic split but 8801 will not and I can't figure out why. Anyone have any suggestions for Macs?

Highlighted
L1 Bithead

Re: Exclude all Zoom traffic from GlobalProtect VPN

The only way we got it to work was to create an address group with all the zoom networks ( about 85 at the last count) and then monitor and add networks as they bring more online and exclude them in the access route tab

HDC_0-1588806093819.png

 

Highlighted
L4 Transporter

Re: Exclude all Zoom traffic from GlobalProtect VPN

my recommendation is to start a zoom meeting with video and run the netstat command to see the what application is using the port

 

https://www.tecmint.com/find-out-which-process-listening-on-a-particular-port/

https://helpdeskgeek.com/how-to/use-netstat-to-see-listening-ports-and-pid-in-windows/


~ Sai Srivastava Tumuluri ~
Highlighted
L2 Linker

Re: Exclude all Zoom traffic from GlobalProtect VPN

Thank you Sai. It is very useful link. Actually we are not able to get the excluded domain (zooom or www.cisco.com ) working. Ticket was in engineering escalation

 

Daniel

Highlighted
L4 Transporter

Re: Exclude all Zoom traffic from GlobalProtect VPN

what zoom networks did you use for this objects?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!