Share via

Microsoft Teams over Proxy (Cisco WSA)

Tomáš Spevák 1 Reputation point
2021-08-19T08:03:56.337+00:00

Dear all,

I'm forwarding question that I have on Microsoft community here, hoping that I will get some help. Thank you all in advance.

In our company, we are facing huge troubles with Microsoft products to work over our proxy server - especially Teams and Skype (also Skype for Business).

Does anybody know if there is some list of URLs to make these two, but especially to make Teams work over WSA?
We are also using firewall.
We allowed these subnets on our firewall with these services, just like it is requested on Microsoft site:

Destination:
13. 107.64.0/18
52. 112.0.0/14
52. 120.0.0/14

Ports
UDP 3478-3481

We also allowed ALL of these URLs, IPs and subnets on our proxy:
20. 202.0.0/16, 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2620:1ec:6::/48, 2620:1ec:40::/42, .lync.com, lync.com, xboxlive.com, .xboxlive.com, outlook.office365.com, .outlook.office365.com, teams.microsoft.com, .teams.microsoft.com, msedge.net, .msedge.net, skype.com, .skype.com, live.net, .live.net, statics.teams.cdn.office.net

Regular Expressions:
.teams.microsoft.com$
.msedge.net$
.skype.com$
.live.net$

We even had a serious troubleshooting with Cisco Support, which told us that everything seems to be OK on our side for Teams. Skype wasn't even sending traffic to proxy, it was totally bypassing it and trying to go directly through firewall to the internet. The amount of sites where it was trying to reach was enormous, therefore we couldn't allow it because of security reasons (security is the most important in our company).

Now, with all these URLs / IPs allowed on proxy / firewall, this is the response from Teams:

124612-image.png

What is strange, that SOMETIMES it works, meaning, that if I relaunch this application 15, sometimes 20, sometimes only 8 times it starts to work. Meeting itself is also sometimes working, sometimes not. Right now we can't even connect to Teams, and in the sites in America where they can connect, the meeting isn't working.

If ANYONE can help us, with making Teams to work over Cisco WSA, I will be really really grateful! It is crucial for us. We are using mostly WebEx, but Teams is also required in our company and it is needed by top-management and also by other people.

Thank you all in advance!

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,627 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sharon Zhao-MSFT 25,081 Reputation points Microsoft Vendor
    2021-08-19T09:24:15.353+00:00

    @Tomáš Spevák ,

    When you use proxy server in your organization, Microsoft strongly recommends:

    • Using external DNS resolution
    • Using direct UDP based routing
    • Allowing UDP traffic
    • Following the other recommendations in our networking guidelines: Prepare your organization's network for Teams

    Even though, this guidance just minimizes potential problems. Please don’t worry about the security problem because Teams and Skype for Business traffic is already encrypted. The following image captured from official document shows the potential issues caused by a proxy:
    124625-image.png

    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.