Web proxy server support for Zoom Phone
A web proxy is typically deployed by companies to secure the outbound internet traffic that leaves their corporate environment. Administrators may also use a web proxy to secure the workstations of remote workers so that those users can reach corporate workloads. Because a web proxy adds network components that inspect traffic, it degrades real-time applications, especially under network congestion, by introducing latency, jitter, and packet loss.
Zoom recommends that real-time traffic be exempted from the web proxy, so that it flows directly from the client, through the corporate firewall, to the Zoom data centers without traversing the proxy. If you cannot exempt Zoom traffic from the web proxy, you may instead be able to allow UDP traffic through the proxy; however, this can still introduce latency and jitter and degrade the user experience.
This article covers:
- Do I need a web proxy server for Zoom Phone?
- Why is it best practice to avoid web proxy servers when using Zoom Phone?
- How can I secure my Zoom Phone traffic without a web proxy server?
Do I need a web proxy server for Zoom Phone?
Because Zoom Phone is a real-time application, placing a web proxy in its path may result in a sub-optimal experience for the end user. In addition, all Zoom Phone traffic is already encrypted, so passing it through a web proxy does not make it any more secure. When deploying Zoom Phone, it is best practice to bypass web proxies wherever possible.
Why is it best practice to avoid web proxy servers when using Zoom Phone?
Zoom Phone uses standards-based Voice over Internet Protocol (VoIP) technology to deliver voice services that improve on traditional on-premises PBX solutions. Signaling, call setup, and in-call features are carried over the Session Initiation Protocol (SIP), encrypted with TLS 1.2 and authenticated with PKI certificates issued by a trusted commercial certificate authority. Voice media is carried over UDP using the Secure Real-time Transport Protocol (SRTP) with the AES-256-GCM profile, which prevents unauthorized parties from eavesdropping on phone conversations. For more information on Zoom Phone's security capabilities, visit the Zoom Trust Center.
How can I secure my Zoom Phone traffic without a web proxy server?
Zoom recommends routing traffic destined for Zoom data centers directly, without a web proxy, so that users get an optimal Zoom experience.
Zoom Phone traffic is protected without a web proxy as follows:
- Zoom Phone clients generate three kinds of traffic:
  - Configuration – downloading firmware and provisioning files for the device
  - Signaling – setting up and tearing down calls
  - Media – the actual voice stream of the conversation
- All traffic from Zoom clients is encrypted with industry-standard technology. Signaling traffic is encrypted with TLS 1.2, which protects it from eavesdropping, tampering, and forgery by anyone attempting to interfere with it.
- Media traffic is encrypted with the Secure Real-time Transport Protocol (SRTP), which provides confidentiality, message authentication, and replay protection for the RTP stream.
- Firmware and configuration files are downloaded over HTTPS. Because this is not real-time traffic, it can traverse a web proxy without affecting call quality.
- Zoom clients can be restricted to sending traffic only to known IP addresses and ports. Because Zoom clients initiate connections outbound to the Zoom data centers, there is little need to open inbound firewall ports beyond permitting the return traffic for those outbound connections. See Zoom's IP range list for the most up-to-date list of IP addresses.
- Zoom maintains a high level of datacenter security. SOC 2 reports documenting Zoom's security posture are available on request, and a third-party audit verifies that the posture is maintained. See Zoom's security compliance reports for more information.
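One way to implement the proxy bypass recommended above is a proxy auto-configuration (PAC) script, which clients that honour the system proxy settings evaluate for every connection. The following is an added example, not code from the Zoom article or from Zoom itself. It assumes a corporate proxy at proxy.corp.example:3128, and the Zoom domain suffixes and IPv4 ranges it lists are placeholders (the ranges are RFC 5737 documentation prefixes) that must be replaced with the entries from Zoom's published domain and IP range list. Zoom hosts, matched by domain suffix or, for IP-literal hosts, by CIDR range, are returned as DIRECT; everything else goes through the proxy.

```javascript
// PAC script (added example): send Zoom traffic DIRECT, all else via the proxy.
// Assumptions, not from the Zoom article: the proxy address and the Zoom
// domain suffixes / IPv4 ranges below are placeholders; replace the Zoom
// entries with those from Zoom's published domain and IP range list.

var CORP_PROXY = "PROXY proxy.corp.example:3128"; // assumed corporate proxy

// Placeholder suffixes; replace with the domains from Zoom's published list.
var ZOOM_DOMAIN_SUFFIXES = [".zoom.us", ".zoom.com"];

// Placeholder CIDR ranges (RFC 5737 documentation prefixes); replace with
// the ranges from Zoom's published IP range list.
var ZOOM_IPV4_RANGES = ["192.0.2.0/24", "198.51.100.0/24"];

// True for the bare domain and any subdomain, with a dot boundary, so that
// "notzoom.us" and "zoom.us.evil.example" are not treated as Zoom hosts.
function hasDomainSuffix(host, suffix) {
  host = host.toLowerCase();
  return host === suffix.slice(1) || host.slice(-suffix.length) === suffix;
}

// Strict dotted-quad parser; returns the address as a number, or null if the
// string is not an IPv4 literal (hostnames, IPv6 literals, octets > 255).
function parseIPv4(s) {
  var parts = s.split(".");
  if (parts.length !== 4) return null;
  var value = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = Number(parts[i]);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True if the numeric IPv4 address falls inside the "a.b.c.d/bits" prefix.
// Division instead of shifts avoids JavaScript's 32-bit signed shift wrap.
function ipInCidr(ip, cidr) {
  var split = cidr.split("/");
  var net = parseIPv4(split[0]);
  var bits = Number(split[1]);
  if (net === null || isNaN(bits) || bits < 0 || bits > 32) return false;
  var divisor = Math.pow(2, 32 - bits);
  return Math.floor(ip / divisor) === Math.floor(net / divisor);
}

// A host is a Zoom host if it matches a listed domain suffix, or if it is an
// IPv4 literal inside one of the listed ranges.
function isZoomHost(host) {
  for (var i = 0; i < ZOOM_DOMAIN_SUFFIXES.length; i++) {
    if (hasDomainSuffix(host, ZOOM_DOMAIN_SUFFIXES[i])) return true;
  }
  var ip = parseIPv4(host);
  if (ip !== null) {
    for (var j = 0; j < ZOOM_IPV4_RANGES.length; j++) {
      if (ipInCidr(ip, ZOOM_IPV4_RANGES[j])) return true;
    }
  }
  return false;
}

// Entry point evaluated by the client for each connection.
function FindProxyForURL(url, host) {
  if (isZoomHost(host)) return "DIRECT";
  return CORP_PROXY;
}
```

A PAC script only governs the TCP connections of clients that honour the system proxy settings, which for Zoom Phone means the HTTPS configuration downloads and the TLS-wrapped SIP signaling. The UDP SRTP media never passes through a web proxy in any case, so the corporate firewall must still permit outbound UDP to the Zoom ranges and the return traffic for those connections. Unlike the PAC built-in dnsDomainIs, the hasDomainSuffix helper above also matches the bare domain, while still requiring a dot boundary; the CIDR check is done locally rather than with dnsResolve, so the script never triggers DNS lookups during proxy selection.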
Credit for all content and images goes to https://support.zoom.us