Easier way to configure security policies for Zoom?

rookierunner
rookierunner Posts: 25  Freshman Member
First Comment Friend Collector Sixth Anniversary
in Security
I am looking to add the appropriate security policies, etc. to configure my Zywall 110 based on the the network firewall guidance that Zoom provides (https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zoom).  They list a ton of IP addresses for various ports/services.  It would be vary tedious to manually enter all of this information to configure the firewall appropriately.  Looking for if there is an easier way?  (Note: I have all outbound traffic blocked, except for ports/services that I explicitly open up. Maybe that's overkill but I view it as cautious.)

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,409  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Here is the specification of ZyWALL 110 for your reference.
    Address Object: 300
    Address Group: 50
    Max. Address Object In One Group: 128

    The maximum number of address object can be created on ZyWALL 110 is 300.
    However, there are more than 1000 IP addresses in the firewall guidance that Zoom provides.
    You need to use Class B to combine several address into subnet. 
    For example: 
    Create address object 13.32.0.0/16 for the following addresses.
    13.32.10.243
    13.32.101.253
    13.32.105.249
    ......
    13.32.224.249
    13.32.229.241
    13.32.24.249

    Open console or SSH.
    Router> configure terminal
    Then copy the following commands and paste them via console/SSH
    address-object addr1 13.32.0.0 255.255.0.0
    address-object addr2 13.33.0.0 255.255.0.0
    ....
    write
  • rookierunner
    rookierunner Posts: 25  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    Thanks, Emily.  It is still a lot of manual configuration so I will have to decide how much effort I will put into managing the ports to IP addresses.  It would be great if Zyxel would give their firewalls the ability to load preconfigured rule sets and also provide these preconfigured rule sets for major services like Zoom, Apple services (FaceTime, etc.), Google Voice, etc.  I know probably not going to make the product roadmap but I can hope.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,409  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Thank you very much for your suggestion. We will evaluate it in the future.
  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary
    Hi rookieruner,
    if I understand correctly, you have problem with the connection and Zoom ("Network error, please try again") ? We use Zoom on USG 110 on our network without these settings ...

  • rookierunner
    rookierunner Posts: 25  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    @kyssling - the issue is that I lock down the outbound ports, not just the inbound ports.  I am guessing that you allow all traffic outbound so that makes sense that you don’t have the issue.  I allow only certain outbound traffic to limit potential data leak, unwanted tracking, etc.
  • PeterUK
    PeterUK Posts: 3,645  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 2021
    I do the same for one of my USG I have not fully tested this but if you do a Address WILDCARD FQDN with *zoom.us destination firewall that might allow all the addresses needed for zoom.  

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)