GotoMeeting with Outbound SSL decryption

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L1 Bithead

GotoMeeting with Outbound SSL decryption

Hi all,

I'm testing out the SSL forward proxy feature of the PAN and the only issue I have is that gotomeeting doesn't work.

I configured it with the guide from the website here and made the two rules one which says don't inspect banking/medical etc. followed by the decrypt all rule.  I cant figure out how to tell the PAN to not try and decrypt this particular site.  According to the brightcloud page it falls within "Computer and internet info" and "Business and Economy" categories.  I dont want to not decrypt everything in that category "Business and economy" so I dont know how to fix this this issue.

And the problem with creating a custom category is that I have no idea what the URL or IP addresses are that it uses to do its thing.

Does anyone know how to get it working?

Thanks!

Justin


Accepted Solutions
Highlighted
L3 Networker

Hi Justin, I believe gotomeeting should be excluded from ssl decrypt by default via the exclude cache. Are you sure the GTM session is actually getting decrypted? You can tell using 'show session all filter source <source IP> ssl-decrypt yes'

This will show you all decrypted sessions for the source host.

If you want to exclude something from ssl decrypt but you don't want to use destination IP or url category you can use the SSL Exclude Certificate. You need to confirm and obtain the ssl cert that the application\site uses, import that cert into the PAN then check the "SSL Exclude Certificate" box for the cert. This should exclude anything that uses that cert. Let me know if you have any questions.

John

View solution in original post


All Replies
Highlighted
L5 Sessionator

Hello,

Go-to-meeting is listed as one of the applications in the decryption exclude list.

Please refer to the following documents:

List of Applications Excluded from SSL Decryption

Hope that helps!

Regards,

Kunal Adak

Highlighted
L3 Networker

Hi Justin, I believe gotomeeting should be excluded from ssl decrypt by default via the exclude cache. Are you sure the GTM session is actually getting decrypted? You can tell using 'show session all filter source <source IP> ssl-decrypt yes'

This will show you all decrypted sessions for the source host.

If you want to exclude something from ssl decrypt but you don't want to use destination IP or url category you can use the SSL Exclude Certificate. You need to confirm and obtain the ssl cert that the application\site uses, import that cert into the PAN then check the "SSL Exclude Certificate" box for the cert. This should exclude anything that uses that cert. Let me know if you have any questions.

John

View solution in original post

Highlighted
L1 Bithead

Hey John,

It looks like it is being decrypted and it is part of the "computer-and-internet-info" URL category.  I am currently not decrypting that category because gotomeeting doesnt work with it on.

Is this a bug?  I'm not sure what else is in that category but the goal is to decrypt everything that doesn't include some sort of personal info.

Heres a couple screenshots

Capture.PNGCapture1.PNG

Highlighted
L3 Networker

That is correct, GotoMeeting is excluded from ssl decryption as it is not supported at this time.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!