I got a client and they use Webex stations and Webex apps on PC-s.
They got fibre service, yet performance is poor most of the time.
Read an article about allowing outbound UDP 9000 through the firewall, but implicit policies are in place, so all traffic allowed from inside to the outside.
Other apps like Skype and TeamViewer, have no issues on the same PC-s and network. All hosts hardwired (no WiFi in use)
I'm getting confused as to what could be the issue, especially that I can't see UDP 9000 used on the PC (in netstat -an command),
however, there is session on each site ASA using both UDP 9000 and TCP 443, both sessions incrementing packets...
Wonder if anyone had similar experience?
I'll have to digest the configuration, I'll paste it later, but for now,
Here are the sessions from two different branches:
ASA5516X-FW01/act# sh conn | inc 10.7.10.87
TCP OUTSIDE 126.96.36.199:5938 INSIDE 10.7.10.87:49462, idle 0:00:20, bytes 191513, flags UxIOX
UDP OUTSIDE 188.8.131.52:9000 INSIDE 10.7.10.87:60573, idle 0:00:00, bytes 9849856, flags X
UDP OUTSIDE 184.108.40.206:9000 INSIDE 10.7.10.87:64336, idle 0:00:00, bytes 201397360 , flags X
TCP OUTSIDE 220.127.116.11:443 INSIDE 10.7.10.87:51560, idle 0:00:00, bytes 672621, fl ags UxIO
B-ASA5516X-FW01/act# sh conn | inc 10.2.1.249
UDP OUTSIDE 18.104.22.168:9000 INSIDE 10.2.1.249:61169, idle 0:00:00, bytes 1802320, flags X
UDP OUTSIDE 22.214.171.124:9000 INSIDE 10.2.1.249:51851, idle 0:00:00, bytes 324618730, flags X
TCP OUTSIDE 126.96.36.199:443 INSIDE 10.2.1.249:53553, idle 0:00:02, bytes 1107153, flags UxIO
Flag X indicates that the flow is handled by Firepower module so you should check it. If no clues, try excluding this port from the service module inspection ACL.
I've excluded Webex traffic from FirePower inspection, yet the problems remained.
I did packet-trace command on typical Webex connection and confirmed it wasn't sent to IPS policy for inspection...
Any more ideas? Do you think there's much difference in using implicit allow (for traffic initiated from higher security level to lower) and explicitly defining Webex traffic (Network Objects - Webex URL-s and public IP-s, as well as UDP/TCP ports)?