FortiGate
ssriswadpong
Staff
Article Id 191633
Description
This article describes how to allow Zoom Meeting in a firewall policy that uses the ISDB (Internet Service Database).
In this scenario, an allow policy with the Zoom ISDB object (Zoom.us-Zoom.Meeting) as the destination may already be configured, but users are still unable to join a Zoom meeting from the Zoom Client.

Workaround
The Zoom Client requires access to the following hosts:

· static.zdassets.com

· static.ada.support

It may be necessary to create two new FQDN addresses, “static.zdassets.com” and “static.ada.support”, and then create a new policy that allows these destinations.

To create an FQDN address using the GUI:

1) Go to Policy & Objects -> Addresses and click Create New -> Address.

2) Specify a Name.

3) Select 'FQDN' as 'Type'.

4) Enter the FQDN address.
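
The same two address objects and the additional allow policy can also be created from the CLI. The following is an added example, not part of the original article: the policy name, the interface names "internal" and "wan1", the source address "all", the HTTPS-only service and the NAT setting are assumptions that must be adapted to the actual environment.

```fortios
# Added example. Policy name, interfaces, service and NAT are assumptions.
config firewall address
    edit "static.zdassets.com"
        set type fqdn
        set fqdn "static.zdassets.com"
        set comment "Third-party host required by Zoom Client"
    next
    edit "static.ada.support"
        set type fqdn
        set fqdn "static.ada.support"
        set comment "Third-party host required by Zoom Client"
    next
end

# Separate policy alongside the existing Zoom ISDB policy.
config firewall policy
    edit 0
        set name "Allow-Zoom-Client-FQDN"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "static.zdassets.com" "static.ada.support"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end
```

Limiting the destination to these two FQDN objects keeps the new rule as narrow as the ISDB-based Zoom policy it complements.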



The main sources of the ISDB are vendors’ published information and ASNs; in addition, we collect IPs from Fortinet DNS logs, Application Control logs, DNS lookups, etc. For Zoom, the main source is https://assets.zoom.us/docs/ipranges/Zoom.txt.

In this case, the ISDB is designed so that one 3-tuple (IP-protocol-port) can be recognized as only one application. “static.zdassets.com” and “static.ada.support” are third-party services used by Zoom. If their IPs were included in the Zoom ISDB object, other applications that also use these services would be incorrectly identified as Zoom. Thus, we can’t add the IPs of these two FQDNs to the Zoom object.

