Best way to whitelist all Zoom domains, IPs and ports (hundreds of IPs)
I block all internet traffic, except whitelisted things, and I want to whitelist Zoom. The problem is that Zoom has 300+ IPs and ports, plus a few domains. What is the best way to do this? Should I create 3-4 target lists just for Zoom? (In a target list, there seems to be no way to specify a port.) And if I create an IP + port-based rule, I seem to have to add one IP address at a time. Ideas?
Example:
TCP 80,443: *.zoom.us
TCP 443, 8801, 8802: 3.7.35.0/25
TCP 443, 8801, 8802: 3.21.137.128/25
(... plus 200 more addresses...)
TCP 443, 8801, 8802: 2620:123:2000::/40 (IPv6)
UDP 3478, 3479, 8801 - 8810: 3.7.35.0/25
UDP 3478, 3479, 8801 - 8810: 3.21.137.128/25
( plus 200 more)
UDP 3478, 3479, 8801 - 8810: 2620:123:2000::/40 (IPv6)
See the full list of Zoom IPs: https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-settings#h_01EJHWAN4T2DQF5ZCM5S7MXXJT
-
I don't see why it would not be possible for Firewalla to build a target list off of this: https://assets.zoom.us/docs/ipranges/Zoom.txt
Zoom keeps that updated/current themselves, and the formatting makes ingestion easy to automate.
-
Great to hear that is already in use. The major win I see for allowing consumers to use that list is that the Zoom Meeting/Call traffic that relies on non-443 ports goes through that list of IPs they provide. Their CDN for static visual content (icons/static graphics/etc.) and other content is 443 traffic and thus generally going to be allowed. Now if the response was "no we're never going to do that, but we're going to use that to provide an app that can be used within rules that incorporates this as part of it" that would be even better.
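Added example, not part of the original thread and not Firewalla's or Zoom's code: a sketch of the automated ingestion the comments describe, which validates a published range list, collapses it, pairs it with the ports from the question, and diffs it against the previous version. It assumes the list is plain text with one CIDR per line; the function names, the prefix sanity limits and the generic rule tuples are hypothetical, and 3.7.35.128/25 plus the bad lines in the sample are constructed.

```python
import ipaddress

# Ports copied from the question above; everything else here is illustrative.
ZOOM_PORTS = {"tcp": "443,8801,8802", "udp": "3478,3479,8801-8810"}
# Assumed sanity floor: refuse prefixes broader than these so a corrupted
# or tampered feed cannot turn the allowlist into "allow everything".
MIN_PREFIX = {4: 8, 6: 24}

def parse_ranges(text):
    """Return (collapsed networks, rejected lines) from a one-CIDR-per-line list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # tolerate comments and blank lines
        if not line:
            continue
        try:
            # strict=True also rejects entries with host bits set (e.g. 3.7.35.1/25)
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(raw)
            continue
        nets.append(net)
    # collapse_addresses cannot mix IPv4 and IPv6, so merge each family separately
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6), rejected

def build_rules(nets):
    """One generic allow rule per (protocol, network); not Firewalla syntax."""
    return [(proto, ports, str(n)) for proto, ports in ZOOM_PORTS.items() for n in nets]

def diff_ranges(old, new):
    """Networks to add and to remove when the published list changes."""
    old_s, new_s = set(old), set(new)
    return sorted(map(str, new_s - old_s)), sorted(map(str, old_s - new_s))

# Constructed sample in the assumed format.
SAMPLE = """\
3.7.35.0/25
3.7.35.128/25
3.21.137.128/25
2620:123:2000::/40
0.0.0.0/0
3.7.35.1/25
not-a-cidr
"""

if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE)
    for rule in build_rules(nets):
        print(*rule)
    print("rejected:", bad)
```

Rejected lines are worth alerting on rather than silently dropping, and the add/remove diff is what lets stale ranges be withdrawn from the allowlist instead of accumulating.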