Dominios y CIDR en los que se recomienda una regla de omisión de inspección de SSL

Esta página contiene listas de dominios y CIDR para los que se recomienda configurar una regla de omisión para garantizar que la inspección de SSL no interrumpa el tráfico asociado a estas aplicaciones.

Con la mayoría del tráfico web de internet cifrado, es necesario descifrar el tráfico SSL para aplicar controles de seguridad avanzados. De forma predeterminada, la inspección de SSL de Cloud Web Security descifra todo el tráfico SSL por este motivo.

Las soluciones de inspección de SSL utilizan una técnica de tipo "man-in-the-middle" para descifrar el tráfico que puede interrumpir tipos específicos de comunicaciones por aplicaciones. El tráfico que puede interrumpirse mediante "man-in-the-middle" incluye el que utiliza el anclaje de certificados, TLS mutuo (mTLS) y WebSocket.

Para garantizar que el servicio Cloud Web Security no interrumpa estos tipos de tráfico, los usuarios pueden configurar reglas de omisión de SSL que reemplacen el comportamiento predeterminado de inspección de SSL. Los usuarios de Cloud Web Security pueden seguir controlando el tráfico a estas aplicaciones mediante la función de filtrado de URL.

Sugerencia: Si desea configurar una regla de omisión de inspección de SSL, consulte Configurar una directiva de seguridad.

Tabla de contenido

Aplicaciones
- Adobe
- Apple
- Cisco WebEx
- Dropbox
- Druva
- GitHub
- GoTo
- Grammarly
- Microsoft 365 (anteriormente Office 365)
- Microsoft Defender
- Sistemas operativos de Microsoft
- RingCentral
- Salesforce
- Slack
- VMware Workspace ONE
- Zoom
Reglas recomendadas (listas de aplicaciones consolidadas)
- Reglas de omisión de dominios
- Reglas de omisión de CIDR

Aplicaciones

A continuación se muestra una lista de las aplicaciones y sus dominios asociados y bloques CIDR que se sabe que se interrumpen cuando se aplica la inspección de SSL.

Adobe

Categoría: Dominios

Entradas: 13

sstats.adobe.com, acrobat.com, stats.adobe.com, fpdownload.adobe.com, newrelic.com, get3.adobe.com, echocdn.com, get.adobe.com, echosign.com, platformdl.adobe.com, dlmping2.adobe.com, dlmping3.adobe.com, bam.nr-data.net

Apple

Categoría: Dominios

Entradas: 80

xp-cdn.apple.com, humb.apple.com, configuration.apple.com, mesu.apple.com, gdmf.apple.com, business.apple.com, iwork.apple.com, albert.apple.com, ess.apple.com, static.ips.apple.com, swscan.apple.com, certs.apple.com, appattest.apple.com, apple-cloudkit.com, swdist.apple.com, identity.apple.com, push.apple.com, api.apps.apple.com, ls.apple.com, iprofiles.apple.com, diagassets.apple.com, oscdn.apple.com, appleid.cdn-apple.com, swdownload.apple.com, vpp.itunes.apple.com, gs.apple.com, doh.dns.apple.com, valid.apple.com, idmsa.apple.com, axm-adm-mdm.apple.com, lcdn-registration.apple.com, cssubmissions.apple.com, school.apple.com, bpapi.apple.com, skl.apple.com, xp.apple.com, sq-device.apple.com, deviceenrollment.apple.com, mask.icloud.com, gnf-mr.apple.com, ocsp2.apple.com, apps.apple.com, mask-api.icloud.com, ig.apple.com, axm-adm-scep.apple.com, axm-adm-enroll.apple.com, fba.apple.com, smp-device-content.apple.com, swquery.apple.com, setup.icloud.com, icloud.apple.com, icloud-content.com, axm-app.apple.com, swcdn.apple.com, mzstatic.com, ppq.apple.com, gsa.apple.com, mask-h2.icloud.com, itunes.apple.com, gc.apple.com, serverstatus.apple.com, gsas.apple.com, apple-livephotoskit.com, gnf-mdn.apple.com, appleid.apple.com, gg.apple.com, updates.cdn-apple.com, lcdn-locator.apple.com, icloud.com.cn, mdmenrollment.apple.com, ns.itunes.apple.com, cdn-apple.com, apzones.com, tbsc.apple.com, icloud.com, osrecovery.apple.com, smoot.apple.com, captive.apple.com, deviceservices-external.apple.com, ws-ee-maidsvc.icloud.com

Dropbox

Categoría: Dominios

Entradas: 4

cfl.dropboxstatic.com, dropboxusercontent.com, content.dropboxapi.com, dropbox.com

Druva

Categoría: Dominios

Entradas: 1

druva.com

GitHub

Categoría: Dominios

Entradas: 3

github.com, gist.githubusercontent.com, githubusercontent.com

GoTo

Categoría: Dominios

Entradas: 75

internap.net, api.opentok.com, 123rescue.com, jointraining.com, hvoice.net, meet.goto.com, logmein.eu, fastsupport.com, gotomeeting.com, joinwebinar.com, helpme.net, jiveip.net, getgoservices.net, lastpass.eu, lmi-antivirus-live.azureedge.net, logmein-gateway.com, gotomeet.at, google-analytics.com, gotoassist.at, browse.logmeinusercontent.com, webinar.com, gotoassist.me, gotoroom.com, gotomeet.me, enterprise.opentok.com, lmi-appupdates-live.azureedge.net, jive.com, joingotomeeting.com, getgocdn.com, psyjs-cdn.personify.live, LogMeIn123.com, logmeinrescue.com, expertcity.com, anvil.opentok.com, gotostage.com, goto.com, googleapis.com, static.opentok.com, logmeinusercontent.com, dolbyvoice.com, join.me, getgoservices.com, gototraining.com, logmein.com, firebaseapp.com, accounts.logme.in, cdn.walkme.com, hamachi.cc, gotoconference.com, logmeininc.com, openvoice.com, psyjs-cdn.nuvixa.com, goto-desktop.s3.amazonaws.com, onjive.com, go2assist.me, firebaseio.com, gofastchat.com, tokbox.com, goto-rtc.com, logmeinrescue-enterprise.com, jmp.tw, internapcdn.net, gotowebinar.com, assist.com, gotomypc.com, support.me, lastpass.com, app.goto.com, getgo.com, rtcprov.net, gotoassist.com, cdngetgo.com, raas.io, google.com, logmeinrescue.eu

Grammarly (dominios)

Categoría: Dominios

Entradas: 2

grammarly.io, grammarly.com

Microsoft 365 (anteriormente Office 365)

Categoría: Dominios

Entradas: 43

companymanager.microsoftonline.com, login.microsoftonline.com, officeapps.live.com, becws.microsoftonline.com, passwordreset.microsoftonline.com, broadcast.skype.com, sharepoint.com, loginex.microsoftonline.com, lync.com, login.microsoftonline-p.com, msidentity.com, outlook.office.com, msftidentity.com, security.microsoft.com, login-us.microsoftonline.com, autologon.microsoftazuread-sso.com, logincert.microsoftonline.com, accounts.accesscontrol.windows.net, defender.microsoft.com, login.microsoft.com, clientconfig.microsoftonline-p.net, provisioningapi.microsoftonline.com, account.office.net, outlook.office365.com, compliance.microsoft.com, api.passwordreset.microsoftonline.com, protection.office.com, office.live.com, adminwebservice.microsoftonline.com, protection.outlook.com, auth.microsoft.com, skypeforbusiness.com, graph.microsoft.com, login.windows.net, online.office.com, nexus.microsoftonline-p.com, account.activedirectory.windowsazure.com, mail.protection.outlook.com, graph.windows.net, ccs.login.microsoftonline.com, device.login.microsoftonline.com, teams.microsoft.com, smtp.office365.com

Microsoft Defender

Categoría: Dominios

Entradas: 53

ussus4eastprod.blob.core.windows.net, wsus2westprod.blob.core.windows.net, ussus4westprod.blob.core.windows.net, winatp-gw-neu.microsoft.com, automatedirstrprdeus3.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, automatedirstrprdcus3.blob.core.windows.net, automatedirstrprdeus.blob.core.windows.net, wsuk1westprod.blob.core.windows.net, usseu1northprod.blob.core.windows.net, ussuk1southprod.blob.core.windows.net, officecdn-microsoft-com.akamaized.net, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu.blob.core.windows.net, wdcp.microsoft.com, automatedirstrprdcus.blob.core.windows.net, europe.x.cp.wd.microsoft.com, ussus2eastprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, us-v20.events.data.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, wd.microsoft.com, winatp-gw-neu3.microsoft.com, winatp-gw-cus.microsoft.com, x.cp.wd.microsoft.com, winatp-gw-cus3.microsoft.com, wsus1westprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, wseu1northprod.blob.core.windows.net, ussus2westprod.blob.core.windows.net, wsuk1southprod.blob.core.windows.net, ussuk1westprod.blob.core.windows.net, automatedirstrprdweu.blob.core.windows.net, winatp-gw-eus.microsoft.com, packages.microsoft.com, unitedstates.x.cp.wd.microsoft.com, wsus1eastprod.blob.core.windows.net, winatp-gw-weu3.microsoft.com, automatedirstrprdweu3.blob.core.windows.net, automatedirstrprdukw.blob.core.windows.net, ussus1westprod.blob.core.windows.net, eu-v20.events.data.microsoft.com, ussus3westprod.blob.core.windows.net, uk-v20.events.data.microsoft.com, usseu1westprod.blob.core.windows.net, winatp-gw-uks.microsoft.com, ussus1eastprod.blob.core.windows.net, ussus3eastprod.blob.core.windows.net, cdn.x.cp.wd.microsoft.com, winatp-gw-weu.microsoft.com, winatp-gw-eus3.microsoft.com, winatp-gw-ukw.microsoft.com, events.data.microsoft.com

Sistemas operativos de Microsoft

Categoría: Dominios

Entradas: 17

musicimage.xboxlive.com, dl.delivery.mp.microsoft.com, windowsupdate.com, store-images.microsoft.com, sls.microsoft.com, windowsupdate.microsoft.com, wustat.windows.com, prod.do.dsp.mp.microsoft.com, mp.microsoft.com, download.microsoft.com, cdn.microsoft.com, tsfe.trafficshaping.dsp.mp.microsoft.com, media-assetcatalog.microsoft.com, store-images.s-microsoft.com, mediadiscovery.microsoft.com, update.microsoft.com, ntservicepack.microsoft.com

RingCentral

Categoría: CIDR

Entradas: 9

199.68.212.0/22, 192.209.24.0/21, 199.255.120.0/22, 80.81.128.0/20, 208.87.40.0/22, 104.245.56.0/21, 66.81.240.0/20, 185.23.248.0/22, 103.44.68.0/22

Salesforce

Categoría: Dominios

Entradas: 5

content.force.com, salesforce.com, lightning.force.com, visual.force.com, documentforce.com

Slack

Categoría: Dominios

Entradas: 4

wss-backup.slack.com, wss-mobile.slack.com, lb.slack-msgs.com, wss-primary.slack.com

VMware Workspace ONE

Categoría: Dominios

Servidores proxy de intercepción SSL salientes y anclaje de SSL (2960709)

Entradas: 2

vidmpreview.com, awmdm.com

WebEx

Categoría: Dominios

Entradas: 17

vbrickrev.com, webex.com, slido.com, lencr.org, accompany.com, godaddy.com, intel.com, sli.do, wbx2.com, webexcontent.com, appdynamics.com, identrust.com, digicert.com, data.logentries.com, quovadisglobal.com, eum-appdynamics.com, ciscospark.com

WebEx

Categoría: Subredes

Entradas: 26

20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16

Zoom

Categoría: Dominios

Entradas: 1

zoom.us

Reglas recomendadas (listas de aplicaciones consolidadas)

Las siguientes reglas consolidan todas las aplicaciones enumeradas anteriormente y se pueden copiar y pegar fácilmente en una sola regla de omisión de inspección de SSL de Cloud Web Security. Sin embargo, si los usuarios prefieren no incluir una exención para cada aplicación cubierta en este documento, los usuarios pueden crear reglas de omisión individuales para aplicaciones específicas utilizando la información proporcionada anteriormente.

Dominios de omisión de SSL

Entradas: 320

automatedirstrprdweu3.blob.core.windows.net, oscdn.apple.com, goto-desktop.s3.amazonaws.com, gc.apple.com, logmeinrescue.com, broadcast.skype.com, meet.goto.com, visual.force.com, msftidentity.com, wsus2westprod.blob.core.windows.net, sq-device.apple.com, cdn-apple.com, identrust.com, content.force.com, gdmf.apple.com, mesu.apple.com, icloud.com, musicimage.xboxlive.com, tbsc.apple.com, osrecovery.apple.com, firebaseapp.com, jmp.tw, cssubmissions.apple.com, quovadisglobal.com, outlook.office.com, companymanager.microsoftonline.com, automatedirstrprdcus3.blob.core.windows.net, axm-app.apple.com, goto.com, lastpass.com, mzstatic.com, wss-primary.slack.com, lastpass.eu, druva.com, sharepoint.com, ocsp2.apple.com, automatedirstrprdneu.blob.core.windows.net, mask-api.icloud.com, hvoice.net, automatedirstrprdeus3.blob.core.windows.net, becws.microsoftonline.com, deviceenrollment.apple.com, appleid.apple.com, smtp.office365.com, github.com, serverstatus.apple.com, store-images.microsoft.com, lcdn-registration.apple.com, app.goto.com, browse.logmeinusercontent.com, login.microsoftonline-p.com, gnf-mr.apple.com, wsuk1southprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, online.office.com, lync.com, assist.com, smoot.apple.com, automatedirstrprdcus.blob.core.windows.net, dolbyvoice.com, eu-v20.events.data.microsoft.com, psyjs-cdn.personify.live, skl.apple.com, webexcontent.com, appattest.apple.com, captive.apple.com, sls.microsoft.com, icloud.com.cn, google.com, acrobat.com, enterprise.opentok.com, ussus3westprod.blob.core.windows.net, deviceservices-external.apple.com, bpapi.apple.com, content.dropboxapi.com, getgocdn.com, ussus4eastprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, mask-h2.icloud.com, logmein.com, iprofiles.apple.com, logmeininc.com, usseu1westprod.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, graph.microsoft.com, winatp-gw-eus.microsoft.com, vpp.itunes.apple.com, grammarly.com, dlmping3.adobe.com, accounts.logme.in, api.passwordreset.microsoftonline.com, swquery.apple.com, wbx2.com, vidmpreview.com, ussuk1westprod.blob.core.windows.net, lmi-antivirus-live.azureedge.net, gist.githubusercontent.com, cfl.dropboxstatic.com, dlmping2.adobe.com, fpdownload.adobe.com, lightning.force.com, xp-cdn.apple.com, adminwebservice.microsoftonline.com, gg.apple.com, office.live.com, mask.icloud.com, ccs.login.microsoftonline.com, iwork.apple.com, outlook.office365.com, wsus1westprod.blob.core.windows.net, tsfe.trafficshaping.dsp.mp.microsoft.com, vbrickrev.com, events.data.microsoft.com, europe.x.cp.wd.microsoft.com, webinar.com, itunes.apple.com, logmeinrescue-enterprise.com, jiveip.net, ls.apple.com, apple-cloudkit.com, ntservicepack.microsoft.com, xp.apple.com, gotoassist.me, getgoservices.net, diagassets.apple.com, security.microsoft.com, automatedirstrprdeus.blob.core.windows.net, clientconfig.microsoftonline-p.net, media-assetcatalog.microsoft.com, newrelic.com, gofastchat.com, officecdn-microsoft-com.akamaized.net, logincert.microsoftonline.com, usseu1northprod.blob.core.windows.net, gotomypc.com, winatp-gw-eus3.microsoft.com, wustat.windows.com, dropbox.com, wss-mobile.slack.com, loginex.microsoftonline.com, ussus2eastprod.blob.core.windows.net, gotomeet.me, onjive.com, data.logentries.com, wd.microsoft.com, logmeinrescue.eu, idmsa.apple.com, ussus2westprod.blob.core.windows.net, ussus1westprod.blob.core.windows.net, x.cp.wd.microsoft.com, winatp-gw-ukw.microsoft.com, wseu1northprod.blob.core.windows.net, gotowebinar.com, download.microsoft.com, intel.com, uk-v20.events.data.microsoft.com, unitedstates.x.cp.wd.microsoft.com, digicert.com, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, getgoservices.com, echocdn.com, awmdm.com, internapcdn.net, gnf-mdn.apple.com, ciscospark.com, protection.office.com, rtcprov.net, lmi-appupdates-live.azureedge.net, echosign.com, expertcity.com, login.microsoft.com, gotoassist.com, us-v20.events.data.microsoft.com, albert.apple.com, gotoroom.com, winatp-gw-cus.microsoft.com, lencr.org, officeapps.live.com, gs.apple.com, tokbox.com, ig.apple.com, ws-ee-maidsvc.icloud.com, gotoconference.com, winatp-gw-neu.microsoft.com, githubusercontent.com, gotoassist.at, automatedirstrprdukw.blob.core.windows.net, hamachi.cc, push.apple.com, winatp-gw-neu3.microsoft.com, logmeinusercontent.com, api.opentok.com, school.apple.com, grammarly.io, support.me, teams.microsoft.com, salesforce.com, swdist.apple.com, joinwebinar.com, certs.apple.com, swcdn.apple.com, wsuk1westprod.blob.core.windows.net, google-analytics.com, gsa.apple.com, axm-adm-enroll.apple.com, passwordreset.microsoftonline.com, eum-appdynamics.com, smp-device-content.apple.com, apps.apple.com, windowsupdate.microsoft.com, gotomeeting.com, ppq.apple.com, login-us.microsoftonline.com, windowsupdate.com, account.activedirectory.windowsazure.com, ussus4westprod.blob.core.windows.net, compliance.microsoft.com, firebaseio.com, graph.windows.net, identity.apple.com, logmein.eu, go2assist.me, icloud.apple.com, cdn.x.cp.wd.microsoft.com, mediadiscovery.microsoft.com, ussus1eastprod.blob.core.windows.net, 123rescue.com, ns.itunes.apple.com, ussus3eastprod.blob.core.windows.net, swscan.apple.com, provisioningapi.microsoftonline.com, jointraining.com, valid.apple.com, sli.do, mp.microsoft.com, nexus.microsoftonline-p.com, swdownload.apple.com, setup.icloud.com, device.login.microsoftonline.com, doh.dns.apple.com, automatedirstrprdweu.blob.core.windows.net, lcdn-locator.apple.com, static.opentok.com, get3.adobe.com, fastsupport.com, joingotomeeting.com, helpme.net, bam.nr-data.net, updates.cdn-apple.com, gotostage.com, business.apple.com, lb.slack-msgs.com, gototraining.com, join.me, winatp-gw-cus3.microsoft.com, appleid.cdn-apple.com, ussuk1southprod.blob.core.windows.net, protection.outlook.com, winatp-gw-uks.microsoft.com, sstats.adobe.com, logmein-gateway.com, wss-backup.slack.com, platformdl.adobe.com, apzones.com, axm-adm-scep.apple.com, fba.apple.com, prod.do.dsp.mp.microsoft.com, wdcp.microsoft.com, cdn.microsoft.com, winatp-gw-weu.microsoft.com, static.ips.apple.com, gsas.apple.com, get.adobe.com, LogMeIn123.com, mail.protection.outlook.com, accounts.accesscontrol.windows.net, openvoice.com, dl.delivery.mp.microsoft.com, mdmenrollment.apple.com, msidentity.com, cdngetgo.com, accompany.com, skypeforbusiness.com, api.apps.apple.com, googleapis.com, ess.apple.com, auth.microsoft.com, getgo.com, login.microsoftonline.com, goto-rtc.com, anvil.opentok.com, jive.com, documentforce.com, axm-adm-mdm.apple.com, internap.net, slido.com, cdn.walkme.com, configuration.apple.com, psyjs-cdn.nuvixa.com, winatp-gw-weu3.microsoft.com, account.office.net, humb.apple.com, godaddy.com, update.microsoft.com, dropboxusercontent.com, webex.com, store-images.s-microsoft.com, stats.adobe.com, apple-livephotoskit.com, zoom.us, appdynamics.com, login.windows.net, autologon.microsoftazuread-sso.com, wsus1eastprod.blob.core.windows.net, gotomeet.at, icloud-content.com, packages.microsoft.com, defender.microsoft.com, raas.io

CIDR de omisión de SSL

104.245.56.0/21, 185.23.248.0/22, 80.81.128.0/20, 199.255.120.0/22, 192.209.24.0/21, 199.68.212.0/22, 103.44.68.0/22, 66.81.240.0/20, 208.87.40.0/22, 20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16