'GuestWifi' interface , and MS Teams, wants to 'direct-connect' inside

Eddie in.Mass · ‎09-05-2024

good day all....i am stymied with an issue

we have a 'GuestWifi' interface that's segmented thru FMC/FTD to just do Internet access, no inside/on-prem access

lo-and-behold, when GuestWifi users (Aruba OS 8 back-end) are at our location, and join the GuestWifi to do MS Teams meeting with folks in OUR company (and who are 'inside network / LAN segments' ) , the GuestWifi Teams user pretty quickly gets 'poor network quality' indications.... and when i check on FMC Events, i see 'BLOCK' events where the GuestWifi IP is seemingly trying to do a 'direct connect to actual INSIDE IP of whichever PC user' ...and NOT up to MS Cloud / service, which should be what brokers any actual MS Teams meeting/video/services.

if we do a ZOOM meeting, this same scenario does NOT occur...JUST with MS Teams app. it is driving me crazy to t-shoot.

yes, a TAC ticket didn't yet get me an answer.

the DNS used in GuestWifi is either of 8.8.8.8 or Umbrella DNS 208.67.222.222 (normally what's used).

i am stumped on why a MS Teams client is trying to go direct-connect.

if i'm on the LAN/Wifi , with 2 clients, they both go to Cloud-service (internet) and do NOT try to direct-connect

any suggestions where to check for pathing ? today, will look at PacketTracer and also do pcap on a test laptop on GuestWifi.

thnx for anything , please....

JennieZhang · ‎09-26-2024

Hello,

any progress on this issue? how's your analysis of packet capture/Packet tracer or do you have any findings from TAC team?

Since this issue will not reproduce if users use zoom meeting instead of MS teams, maybe it would be helpful comparing the packet capture files taken from Zoom meeting session and MS teams session.