How to create Custom Application Signature to identify WebRTC Application with Cisco Meeting Server


A Custom App-ID allows you to do two things:

 

  1. Create pattern-based signatures for traffic that doesn't match any of the pre-defined application signatures.
  2. Create a Custom Application for use in an Application Override Policy to override a pre-defined application signature.

 


The Traffic Logs show that a WebRTC connection using Cisco Meeting Web App is identified as a Web-Browser application.

 


Use Wireshark to find a specific pattern that identifies your application. In this case we want to identify any connection to the Cisco Meeting Server with the WebBridge service enabled using Cisco Meeting App. The Cisco Meeting App uses the web browser and WebRTC to access any meeting hosted on Cisco Meeting Server.

 

In Wireshark you can use plenty of SSL information to identify the application. In this scenario we will use the SNI (Server Name Indication) sent in the SSL Client Hello, which is join.collab.com.

 


Create a Custom Application and set its Category, Subcategory, Technology and Parent App.

 


Use the Layer 4 port number 443 for port-based application identification.

 


Then, in the Signature section, define a condition match based on Pattern Match. In the Context field, select ssl-req-chello-sni. This context tells the firewall to look at the Server Name Indication inside the SSL Client Hello initiated by the client. In the Pattern field, type the pattern or the Guest URL used by the user to access meetings hosted on Cisco Meeting Server.

 


Now create an Application Override Policy.

 

Select Inside as the source zone, Outside as the destination zone and Destination Address 10.1.15.41.

 


Then enter the Layer 4 port number and associate the Custom Application created previously.

 


A user accessing the WebBridge to access a meeting using WebRTC.

 


Navigate to Traffic Logs to confirm that the Custom Application identified the SSL Traffic to 10.1.5.41 as a Cisco-Meeting-Web-Application.

 

