Companies often have web proxies that are deployed in their corporate environment to secure outbound internet traffic. Administrators may also have remote workers connect to their corporate workloads using a web proxy to secure their work terminal. Web proxies are additional network components that inspect traffic and may cause performance-related issues to real-time applications like introducing latency, jitter, and packet loss in network congestion scenarios.
Zoom recommends that any real-time traffic be allowed on a web proxy to ensure that the traffic flows directly from the client through a corporate firewall to the Zoom data centers. If you're unable to allow the Zoom traffic, it is recommended to allow UDP traffic through the web proxy however this may introduce latency and jitter and may deteriorate the user experience.
This article covers:
Due to the real time nature of Zoom Phone, web proxies may provide a sub-optimal experience to the end user. Also, in the case of Zoom Phone, all traffic is already encrypted so web proxies do not make it more secure. With this in mind, the best practice is to bypass web proxies when deploying and using Zoom Phone.
Utilizing standards-based Voice over Internet Protocol (VoIP) to deliver best-in-class voice services, Zoom Phone delivers a secure and reliable alternative to traditional on-premise PBX solutions. Signaling, call setup, and in-call features are delivered via Session Initiation Protocol (SIP) and encrypted using TLS1.2 and PKI Certificates issued by a trusted commercial certificate authority. Zoom uses UDP to route voice traffic which is encrypted using Secure Real-Time Transport Protocol (SRTP) with Advanced Encryption Standard (AES) 256-GCM profiles to ensure that unauthorized parties cannot eavesdrop on phone conversations. For more information on Zoom Phone’s security capabilities, visit the Zoom Trust Center.
To ensure that Zoom users have an optimal experience, Zoom recommends allowing traffic destined to Zoom data centers, i.e. routed directly without a web proxy.
Zoom takes the following steps to ensure that data that is being allowed is protected: