Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
A Custom App-ID allows you to do two things:
The Traffic Logs shown that a WebRTC connection using Cisco Meeting Web App is identified as a Web-Browser application.
Use wireshark to find a specific pattern to identify your application, in this case we want to identify any connection to the Cisco Meeting Server with WebBridge service enabled using Cisco Meeting App, the Cisco Meeting App uses the Web Browser and WebRTC to access any meeting hosted on Cisco Meeting Server.
In the Wireshark you can use plenty of SSL informations to identify the application. In this scenario we will use the SNI Server Name Indication sent in the SSL Client Hello which join.collab.com.
Create a Custom Application with the following settings such as Category, Subcategory, Technology and Parrent App.
Use the Layer 4 port number 443 for application port-based indentification.
Then in the Signature section, define a condition match based on Pattern Match, in the Context field, select the ssl-req-chello-sni, this context tells the firewall to look in the Server Name Indication inside the SSL Client Hello initiated by the client. In the Pattern field, type the pattern or the Guest URL used by the user to access meetings hosted on Cisco Meeting Server.
Now create an Application Override Policy.
Select Inside as the source zone, Outside as the destination zone and Destination Address 10.1.15.41.
Then Enter the Layer 4 port number and associate the Custom Application created previously.
User accessing the Webbrdge to access a meeting using WebRTC.
Navigate to Traffic Logs to confirm that the Custom Application identified the SSL Traffic to 10.1.5.41 as a Cisco-Meeting-Web-Application.
