Cette page contient des listes de domaines et de CIDR pour lesquels il est recommandé de configurer une règle de contournement pour s'assurer que l'inspection SSL n'interrompt pas le trafic associé à ces applications.
Avec la plupart du trafic Web Internet chiffré, il est nécessaire de déchiffrer le trafic SSL pour appliquer des contrôles de sécurité avancés. Par défaut, l'inspection SSL Cloud Web Security déchiffre tout le trafic SSL pour cette raison.
Les solutions d'inspection SSL utilisent une technique « man-in-the-middle » pour déchiffrer le trafic qui peut perturber des types spécifiques de communications par les applications. Le trafic qui peut être interrompu par un intercepteur « man-in-the-middle » inclut ceux qui utilisent l'épinglage de certificat, TLS mutuel (mTLS) et WebSocket.
Pour s'assurer que le service Cloud Web Security n'interrompt pas ces types de trafic, les utilisateurs peuvent configurer une ou plusieurs règles de contournement SSL qui remplacent le comportement d'inspection SSL par défaut. Les utilisateurs Cloud Web Security peuvent toujours contrôler le trafic vers ces applications à l'aide de la fonctionnalité de filtrage d'URL.
Info-bulle : Pour configurer une règle de contournement de l'inspection SSL, reportez-vous à la section
Configuration d'une stratégie de sécurité.
Table des matières
- Applications
- Adobe
- Apple
- Cisco WebEx
- Dropbox
- Druva
- GitHub
- GoTo
- Grammarly
- Microsoft 365 (anciennement Office 365)
- Microsoft Defender
- Systèmes d'exploitation Microsoft
- RingCentral
- Salesforce
- Slack
- VMware Workspace ONE
- Zoom
- Règles recommandées (listes d'applications consolidées)
- Règles de contournement de domaines
- Règles de contournement de CIDR
Applications
Vous trouverez ci-dessous une liste d'applications et de leurs domaines associés, et de blocs CIDR qui sont connus pour se rompre lors de l'application de l'inspection SSL.
Adobe
Catégorie : Domaines (Domains)
Entrées : 13
sstats.adobe.com, acrobat.com, stats.adobe.com, fpdownload.adobe.com, newrelic.com, get3.adobe.com, echocdn.com, get.adobe.com, echosign.com, platformdl.adobe.com, dlmping2.adobe.com, dlmping3.adobe.com, bam.nr-data.net
Apple
Catégorie : Domaines (Domains)
Entrées : 80
xp-cdn.apple.com, humb.apple.com, configuration.apple.com, mesu.apple.com, gdmf.apple.com, business.apple.com, iwork.apple.com, albert.apple.com, ess.apple.com, static.ips.apple.com, swscan.apple.com, certs.apple.com, appattest.apple.com, apple-cloudkit.com, swdist.apple.com, identity.apple.com, push.apple.com, api.apps.apple.com, ls.apple.com, iprofiles.apple.com, diagassets.apple.com, oscdn.apple.com, appleid.cdn-apple.com, swdownload.apple.com, vpp.itunes.apple.com, gs.apple.com, doh.dns.apple.com, valid.apple.com, idmsa.apple.com, axm-adm-mdm.apple.com, lcdn-registration.apple.com, cssubmissions.apple.com, school.apple.com, bpapi.apple.com, skl.apple.com, xp.apple.com, sq-device.apple.com, deviceenrollment.apple.com, mask.icloud.com, gnf-mr.apple.com, ocsp2.apple.com, apps.apple.com, mask-api.icloud.com, ig.apple.com, axm-adm-scep.apple.com, axm-adm-enroll.apple.com, fba.apple.com, smp-device-content.apple.com, swquery.apple.com, setup.icloud.com, icloud.apple.com, icloud-content.com, axm-app.apple.com, swcdn.apple.com, mzstatic.com, ppq.apple.com, gsa.apple.com, mask-h2.icloud.com, itunes.apple.com, gc.apple.com, serverstatus.apple.com, gsas.apple.com, apple-livephotoskit.com, gnf-mdn.apple.com, appleid.apple.com, gg.apple.com, updates.cdn-apple.com, lcdn-locator.apple.com, icloud.com.cn, mdmenrollment.apple.com, ns.itunes.apple.com, cdn-apple.com, apzones.com, tbsc.apple.com, icloud.com, osrecovery.apple.com, smoot.apple.com, captive.apple.com, deviceservices-external.apple.com, ws-ee-maidsvc.icloud.com
Dropbox
Catégorie : Domaines (Domains)
Entrées : 4
cfl.dropboxstatic.com, dropboxusercontent.com, content.dropboxapi.com, dropbox.com
Druva
Catégorie : Domaines (Domains)
Entrées : 1
druva.com
GitHub
Catégorie : Domaines (Domains)
Entrées : 3
github.com, gist.githubusercontent.com, githubusercontent.com
GoTo
Catégorie : Domaines (Domains)
Entrées : 75
internap.net, api.opentok.com, 123rescue.com, jointraining.com, hvoice.net, meet.goto.com, logmein.eu, fastsupport.com, gotomeeting.com, joinwebinar.com, helpme.net, jiveip.net, getgoservices.net, lastpass.eu, lmi-antivirus-live.azureedge.net, logmein-gateway.com, gotomeet.at, google-analytics.com, gotoassist.at, browse.logmeinusercontent.com, webinar.com, gotoassist.me, gotoroom.com, gotomeet.me, enterprise.opentok.com, lmi-appupdates-live.azureedge.net, jive.com, joingotomeeting.com, getgocdn.com, psyjs-cdn.personify.live, LogMeIn123.com, logmeinrescue.com, expertcity.com, anvil.opentok.com, gotostage.com, goto.com, googleapis.com, static.opentok.com, logmeinusercontent.com, dolbyvoice.com, join.me, getgoservices.com, gototraining.com, logmein.com, firebaseapp.com, accounts.logme.in, cdn.walkme.com, hamachi.cc, gotoconference.com, logmeininc.com, openvoice.com, psyjs-cdn.nuvixa.com, goto-desktop.s3.amazonaws.com, onjive.com, go2assist.me, firebaseio.com, gofastchat.com, tokbox.com, goto-rtc.com, logmeinrescue-enterprise.com, jmp.tw, internapcdn.net, gotowebinar.com, assist.com, gotomypc.com, support.me, lastpass.com, app.goto.com, getgo.com, rtcprov.net, gotoassist.com, cdngetgo.com, raas.io, google.com, logmeinrescue.eu
Grammarly (Domaines)
Catégorie : Domaines (Domains)
Entrées : 2
grammarly.io, grammarly.com
Microsoft 365 (anciennement Office 365)
Catégorie : Domaines (Domains)
Entrées : 43
companymanager.microsoftonline.com, login.microsoftonline.com, officeapps.live.com, becws.microsoftonline.com, passwordreset.microsoftonline.com, broadcast.skype.com, sharepoint.com, loginex.microsoftonline.com, lync.com, login.microsoftonline-p.com, msidentity.com, outlook.office.com, msftidentity.com, security.microsoft.com, login-us.microsoftonline.com, autologon.microsoftazuread-sso.com, logincert.microsoftonline.com, accounts.accesscontrol.windows.net, defender.microsoft.com, login.microsoft.com, clientconfig.microsoftonline-p.net, provisioningapi.microsoftonline.com, account.office.net, outlook.office365.com, compliance.microsoft.com, api.passwordreset.microsoftonline.com, protection.office.com, office.live.com, adminwebservice.microsoftonline.com, protection.outlook.com, auth.microsoft.com, skypeforbusiness.com, graph.microsoft.com, login.windows.net, online.office.com, nexus.microsoftonline-p.com, account.activedirectory.windowsazure.com, mail.protection.outlook.com, graph.windows.net, ccs.login.microsoftonline.com, device.login.microsoftonline.com, teams.microsoft.com, smtp.office365.com
Microsoft Defender
Catégorie : Domaines (Domains)
Entrées : 53
ussus4eastprod.blob.core.windows.net, wsus2westprod.blob.core.windows.net, ussus4westprod.blob.core.windows.net, winatp-gw-neu.microsoft.com, automatedirstrprdeus3.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, automatedirstrprdcus3.blob.core.windows.net, automatedirstrprdeus.blob.core.windows.net, wsuk1westprod.blob.core.windows.net, usseu1northprod.blob.core.windows.net, ussuk1southprod.blob.core.windows.net, officecdn-microsoft-com.akamaized.net, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu.blob.core.windows.net, wdcp.microsoft.com, automatedirstrprdcus.blob.core.windows.net, europe.x.cp.wd.microsoft.com, ussus2eastprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, us-v20.events.data.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, wd.microsoft.com, winatp-gw-neu3.microsoft.com, winatp-gw-cus.microsoft.com, x.cp.wd.microsoft.com, winatp-gw-cus3.microsoft.com, wsus1westprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, wseu1northprod.blob.core.windows.net, ussus2westprod.blob.core.windows.net, wsuk1southprod.blob.core.windows.net, ussuk1westprod.blob.core.windows.net, automatedirstrprdweu.blob.core.windows.net, winatp-gw-eus.microsoft.com, packages.microsoft.com, unitedstates.x.cp.wd.microsoft.com, wsus1eastprod.blob.core.windows.net, winatp-gw-weu3.microsoft.com, automatedirstrprdweu3.blob.core.windows.net, automatedirstrprdukw.blob.core.windows.net, ussus1westprod.blob.core.windows.net, eu-v20.events.data.microsoft.com, ussus3westprod.blob.core.windows.net, uk-v20.events.data.microsoft.com, usseu1westprod.blob.core.windows.net, winatp-gw-uks.microsoft.com, ussus1eastprod.blob.core.windows.net, ussus3eastprod.blob.core.windows.net, cdn.x.cp.wd.microsoft.com, winatp-gw-weu.microsoft.com, winatp-gw-eus3.microsoft.com, winatp-gw-ukw.microsoft.com, events.data.microsoft.com
Systèmes d'exploitation Microsoft
Catégorie : Domaines (Domains)
Entrées : 17
musicimage.xboxlive.com, dl.delivery.mp.microsoft.com, windowsupdate.com, store-images.microsoft.com, sls.microsoft.com, windowsupdate.microsoft.com, wustat.windows.com, prod.do.dsp.mp.microsoft.com, mp.microsoft.com, download.microsoft.com, cdn.microsoft.com, tsfe.trafficshaping.dsp.mp.microsoft.com, media-assetcatalog.microsoft.com, store-images.s-microsoft.com, mediadiscovery.microsoft.com, update.microsoft.com, ntservicepack.microsoft.com
RingCentral
Catégorie : CIDR
Entrées : 9
199.68.212.0/22, 192.209.24.0/21, 199.255.120.0/22, 80.81.128.0/20, 208.87.40.0/22, 104.245.56.0/21, 66.81.240.0/20, 185.23.248.0/22, 103.44.68.0/22
Salesforce
Catégorie : Domaines (Domains)
Entrées : 5
content.force.com, salesforce.com, lightning.force.com, visual.force.com, documentforce.com
Slack
Catégorie : Domaines (Domains)
Entrées : 4
wss-backup.slack.com, wss-mobile.slack.com, lb.slack-msgs.com, wss-primary.slack.com
VMware Workspace ONE
Catégorie : Domaines (Domains)
Épinglage SSL et proxys d'interception de trafic SSL sortant (2960709)
Entrées : 2
vidmpreview.com, awmdm.com
WebEx
Catégorie : Domaines (Domains)
Entrées : 17
vbrickrev.com, webex.com, slido.com, lencr.org, accompany.com, godaddy.com, intel.com, sli.do, wbx2.com, webexcontent.com, appdynamics.com, identrust.com, digicert.com, data.logentries.com, quovadisglobal.com, eum-appdynamics.com, ciscospark.com
WebEx
Catégorie : Sous-réseaux (Subnets)
Entrées : 26
20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16
Zoom
Catégorie : Domaines (Domains)
Entrées : 1
zoom.us
Règles recommandées (listes d'applications consolidées)
Les règles ci-dessous consolident chaque application répertoriée ci-dessus et peuvent être facilement copiées et collées dans une seule règle de contournement de l'inspection SSL Cloud Web Security. Cependant, si les utilisateurs préfèrent ne pas inclure d'exemption pour chaque application couverte dans ce document, ils peuvent créer une ou plusieurs règles de contournement individuelles pour une ou plusieurs applications spécifiques en utilisant les informations fournies ci-dessus.
Domaines de contournement SSL
Entrées : 320
automatedirstrprdweu3.blob.core.windows.net, oscdn.apple.com, goto-desktop.s3.amazonaws.com, gc.apple.com, logmeinrescue.com, broadcast.skype.com, meet.goto.com, visual.force.com, msftidentity.com, wsus2westprod.blob.core.windows.net, sq-device.apple.com, cdn-apple.com, identrust.com, content.force.com, gdmf.apple.com, mesu.apple.com, icloud.com, musicimage.xboxlive.com, tbsc.apple.com, osrecovery.apple.com, firebaseapp.com, jmp.tw, cssubmissions.apple.com, quovadisglobal.com, outlook.office.com, companymanager.microsoftonline.com, automatedirstrprdcus3.blob.core.windows.net, axm-app.apple.com, goto.com, lastpass.com, mzstatic.com, wss-primary.slack.com, lastpass.eu, druva.com, sharepoint.com, ocsp2.apple.com, automatedirstrprdneu.blob.core.windows.net, mask-api.icloud.com, hvoice.net, automatedirstrprdeus3.blob.core.windows.net, becws.microsoftonline.com, deviceenrollment.apple.com, appleid.apple.com, smtp.office365.com, github.com, serverstatus.apple.com, store-images.microsoft.com, lcdn-registration.apple.com, app.goto.com, browse.logmeinusercontent.com, login.microsoftonline-p.com, gnf-mr.apple.com, wsuk1southprod.blob.core.windows.net, wseu1westprod.blob.core.windows.net, online.office.com, lync.com, assist.com, smoot.apple.com, automatedirstrprdcus.blob.core.windows.net, dolbyvoice.com, eu-v20.events.data.microsoft.com, psyjs-cdn.personify.live, skl.apple.com, webexcontent.com, appattest.apple.com, captive.apple.com, sls.microsoft.com, icloud.com.cn, google.com, acrobat.com, enterprise.opentok.com, ussus3westprod.blob.core.windows.net, deviceservices-external.apple.com, bpapi.apple.com, content.dropboxapi.com, getgocdn.com, ussus4eastprod.blob.core.windows.net, wsus2eastprod.blob.core.windows.net, mask-h2.icloud.com, logmein.com, iprofiles.apple.com, logmeininc.com, usseu1westprod.blob.core.windows.net, automatedirstrprduks.blob.core.windows.net, graph.microsoft.com, winatp-gw-eus.microsoft.com, vpp.itunes.apple.com, grammarly.com, dlmping3.adobe.com, accounts.logme.in, api.passwordreset.microsoftonline.com, swquery.apple.com, wbx2.com, vidmpreview.com, ussuk1westprod.blob.core.windows.net, lmi-antivirus-live.azureedge.net, gist.githubusercontent.com, cfl.dropboxstatic.com, dlmping2.adobe.com, fpdownload.adobe.com, lightning.force.com, xp-cdn.apple.com, adminwebservice.microsoftonline.com, gg.apple.com, office.live.com, mask.icloud.com, ccs.login.microsoftonline.com, iwork.apple.com, outlook.office365.com, wsus1westprod.blob.core.windows.net, tsfe.trafficshaping.dsp.mp.microsoft.com, vbrickrev.com, events.data.microsoft.com, europe.x.cp.wd.microsoft.com, webinar.com, itunes.apple.com, logmeinrescue-enterprise.com, jiveip.net, ls.apple.com, apple-cloudkit.com, ntservicepack.microsoft.com, xp.apple.com, gotoassist.me, getgoservices.net, diagassets.apple.com, security.microsoft.com, automatedirstrprdeus.blob.core.windows.net, clientconfig.microsoftonline-p.net, media-assetcatalog.microsoft.com, newrelic.com, gofastchat.com, officecdn-microsoft-com.akamaized.net, logincert.microsoftonline.com, usseu1northprod.blob.core.windows.net, gotomypc.com, winatp-gw-eus3.microsoft.com, wustat.windows.com, dropbox.com, wss-mobile.slack.com, loginex.microsoftonline.com, ussus2eastprod.blob.core.windows.net, gotomeet.me, onjive.com, data.logentries.com, wd.microsoft.com, logmeinrescue.eu, idmsa.apple.com, ussus2westprod.blob.core.windows.net, ussus1westprod.blob.core.windows.net, x.cp.wd.microsoft.com, winatp-gw-ukw.microsoft.com, wseu1northprod.blob.core.windows.net, gotowebinar.com, download.microsoft.com, intel.com, uk-v20.events.data.microsoft.com, unitedstates.x.cp.wd.microsoft.com, digicert.com, unitedkingdom.x.cp.wd.microsoft.com, automatedirstrprdneu3.blob.core.windows.net, getgoservices.com, echocdn.com, awmdm.com, internapcdn.net, gnf-mdn.apple.com, ciscospark.com, protection.office.com, rtcprov.net, lmi-appupdates-live.azureedge.net, echosign.com, expertcity.com, login.microsoft.com, gotoassist.com, us-v20.events.data.microsoft.com, albert.apple.com, gotoroom.com, winatp-gw-cus.microsoft.com, lencr.org, officeapps.live.com, gs.apple.com, tokbox.com, ig.apple.com, ws-ee-maidsvc.icloud.com, gotoconference.com, winatp-gw-neu.microsoft.com, githubusercontent.com, gotoassist.at, automatedirstrprdukw.blob.core.windows.net, hamachi.cc, push.apple.com, winatp-gw-neu3.microsoft.com, logmeinusercontent.com, api.opentok.com, school.apple.com, grammarly.io, support.me, teams.microsoft.com, salesforce.com, swdist.apple.com, joinwebinar.com, certs.apple.com, swcdn.apple.com, wsuk1westprod.blob.core.windows.net, google-analytics.com, gsa.apple.com, axm-adm-enroll.apple.com, passwordreset.microsoftonline.com, eum-appdynamics.com, smp-device-content.apple.com, apps.apple.com, windowsupdate.microsoft.com, gotomeeting.com, ppq.apple.com, login-us.microsoftonline.com, windowsupdate.com, account.activedirectory.windowsazure.com, ussus4westprod.blob.core.windows.net, compliance.microsoft.com, firebaseio.com, graph.windows.net, identity.apple.com, logmein.eu, go2assist.me, icloud.apple.com, cdn.x.cp.wd.microsoft.com, mediadiscovery.microsoft.com, ussus1eastprod.blob.core.windows.net, 123rescue.com, ns.itunes.apple.com, ussus3eastprod.blob.core.windows.net, swscan.apple.com, provisioningapi.microsoftonline.com, jointraining.com, valid.apple.com, sli.do, mp.microsoft.com, nexus.microsoftonline-p.com, swdownload.apple.com, setup.icloud.com, device.login.microsoftonline.com, doh.dns.apple.com, automatedirstrprdweu.blob.core.windows.net, lcdn-locator.apple.com, static.opentok.com, get3.adobe.com, fastsupport.com, joingotomeeting.com, helpme.net, bam.nr-data.net, updates.cdn-apple.com, gotostage.com, business.apple.com, lb.slack-msgs.com, gototraining.com, join.me, winatp-gw-cus3.microsoft.com, appleid.cdn-apple.com, ussuk1southprod.blob.core.windows.net, protection.outlook.com, winatp-gw-uks.microsoft.com, sstats.adobe.com, logmein-gateway.com, wss-backup.slack.com, platformdl.adobe.com, apzones.com, axm-adm-scep.apple.com, fba.apple.com, prod.do.dsp.mp.microsoft.com, wdcp.microsoft.com, cdn.microsoft.com, winatp-gw-weu.microsoft.com, static.ips.apple.com, gsas.apple.com, get.adobe.com, LogMeIn123.com, mail.protection.outlook.com, accounts.accesscontrol.windows.net, openvoice.com, dl.delivery.mp.microsoft.com, mdmenrollment.apple.com, msidentity.com, cdngetgo.com, accompany.com, skypeforbusiness.com, api.apps.apple.com, googleapis.com, ess.apple.com, auth.microsoft.com, getgo.com, login.microsoftonline.com, goto-rtc.com, anvil.opentok.com, jive.com, documentforce.com, axm-adm-mdm.apple.com, internap.net, slido.com, cdn.walkme.com, configuration.apple.com, psyjs-cdn.nuvixa.com, winatp-gw-weu3.microsoft.com, account.office.net, humb.apple.com, godaddy.com, update.microsoft.com, dropboxusercontent.com, webex.com, store-images.s-microsoft.com, stats.adobe.com, apple-livephotoskit.com, zoom.us, appdynamics.com, login.windows.net, autologon.microsoftazuread-sso.com, wsus1eastprod.blob.core.windows.net, gotomeet.at, icloud-content.com, packages.microsoft.com, defender.microsoft.com, raas.io
CIDR de contournement SSL
104.245.56.0/21, 185.23.248.0/22, 80.81.128.0/20, 199.255.120.0/22, 192.209.24.0/21, 199.68.212.0/22, 103.44.68.0/22, 66.81.240.0/20, 208.87.40.0/22, 20.53.87.0/24, 173.39.224.0/19, 150.253.128.0/17, 170.133.128.0/18, 40.119.234.0/24, 66.114.160.0/20, 44.234.52.192/26, 66.163.32.0/19, 20.68.154.0/24, 20.50.235.0/24, 20.120.238.0/23, 210.4.192.0/20, 173.243.0.0/20, 20.76.127.0/24, 62.109.192.0/18, 216.151.128.0/19, 23.89.0.0/16, 114.29.192.0/19, 20.108.99.0/24, 207.182.160.0/19, 20.57.87.0/24, 209.197.192.0/19, 69.26.160.0/19, 64.68.96.0/19, 52.232.210.0/24, 170.72.0.0/16
