Same type of behavior on my end, so I went ahead an added the Zoom IP blocks listed for port 8801:
Which came out to be 57 entries. Doing this seems to have helped, somewhat, while doing 1-on-1 tests, I wouldn't see traffic show up in the firewall logs, even testing with other users, however we now have ~3,000+ employees working remotely, so I am starting to see these logs appear but it seems not as much as you would think. I have a case open with Palo Alto, they are able to replicate but unable to provide a solution.
On top of adding the IP blocks, we are excluding the domains,
and application processes for both PC and macOS
C:\Program Files (x86)\Zoom\bin\Zoom.exe
This article gives great instructions but doesn't obviously seem to work.
I am also attempting the same with BOX and will see how things go in the coming days.
You might want to check your companies policy and regulations regarding split tunnels as most dont allow it. I'm sure there is a reason for the request, however why would you want to lose that viability?
Thanks for the feedback, seems you are facing the exact same scenario.
In our case, we want to avoid add the network ranges as it's something we would need to keep updated as they add/remove ranges, plus we would need to do manual configurations in multiple gateways. The API could be an option to automate this, but anyway we would need to keep an eye at Zoom article while their add/remove them.
There is not much added value on sending Zoom traffic through the VPN when Zoom is classified as a low-risk app by applipedia, it's an allowed application meaning no need to block/restrict, we want to give this application the best performance due to the current situation (and send it through the VPN is for sure not the way to achieve this). The only thing we might lose here is the ability to see&block files transfers as they flow through the Zoom sharing connection, but that's something we accept.
Can you start a zoom meeting with screen sharing and video ON. Add at least 2 people with video
While on meeting run - netstat -aenob
Also, for IPs in the traffic logs, enable host lookup, by checking the box at bottom. Resolve hostname. And share the screenshot again. Above link will help
What GlobalProtect version are you using?
We did some more tests and we conclude with: Win10 and:
- With Global Protect 5.1 is working fine
- We are not yet sure about GlobalProtect 5.0
- With GlobalProtect 4.1 is not working
Did you get the feature exclude video traffic from vpn tunnel to work?
For me, I'm sure we are using the correct config and we upgraded the GlobalProtect Gateway appliance to PAN-OS 9.0.6 ( the issue was fixed in this release) but still no positive result.
I went through debug and dump logs. Checked the monitoring tab in the PA and I'm still seeing the video streaming traffic go across the tunnel (dailymotion for example).
I opened a case with support but still no answer yet.
Any help will be appreciated.
In case we find a solution with the support team I will share it here
Try configuring both the "Exclude Video Application" option on agent and also domain name under exclude domains. Can you share a screenshot of config
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!