07-29-2013 09:17 AM
Hi all,
I'm testing out the SSL forward proxy feature of the PAN and the only issue I have is that gotomeeting doesn't work.
I configured it with the guide from the website here and made the two rules one which says don't inspect banking/medical etc. followed by the decrypt all rule. I cant figure out how to tell the PAN to not try and decrypt this particular site. According to the brightcloud page it falls within "Computer and internet info" and "Business and Economy" categories. I dont want to not decrypt everything in that category "Business and economy" so I dont know how to fix this this issue.
And the problem with creating a custom category is that I have no idea what the URL or IP addresses are that it uses to do its thing.
Does anyone know how to get it working?
Thanks!
Justin
07-29-2013 11:01 AM
Hi Justin, I believe gotomeeting should be excluded from ssl decrypt by default via the exclude cache. Are you sure the GTM session is actually getting decrypted? You can tell using 'show session all filter source <source IP> ssl-decrypt yes'
This will show you all decrypted sessions for the source host.
If you want to exclude something from ssl decrypt but you don't want to use destination IP or url category you can use the SSL Exclude Certificate. You need to confirm and obtain the ssl cert that the application\site uses, import that cert into the PAN then check the "SSL Exclude Certificate" box for the cert. This should exclude anything that uses that cert. Let me know if you have any questions.
John
07-29-2013 10:46 AM
Hello,
Go-to-meeting is listed as one of the applications in the decryption exclude list.
Please refer to the following documents:
List of Applications Excluded from SSL Decryption
Hope that helps!
Regards,
Kunal Adak
07-29-2013 11:01 AM
Hi Justin, I believe gotomeeting should be excluded from ssl decrypt by default via the exclude cache. Are you sure the GTM session is actually getting decrypted? You can tell using 'show session all filter source <source IP> ssl-decrypt yes'
This will show you all decrypted sessions for the source host.
If you want to exclude something from ssl decrypt but you don't want to use destination IP or url category you can use the SSL Exclude Certificate. You need to confirm and obtain the ssl cert that the application\site uses, import that cert into the PAN then check the "SSL Exclude Certificate" box for the cert. This should exclude anything that uses that cert. Let me know if you have any questions.
John
08-07-2013 07:01 AM
Hey John,
It looks like it is being decrypted and it is part of the "computer-and-internet-info" URL category. I am currently not decrypting that category because gotomeeting doesnt work with it on.
Is this a bug? I'm not sure what else is in that category but the goal is to decrypt everything that doesn't include some sort of personal info.
Heres a couple screenshots
08-07-2013 05:12 PM
That is correct, GotoMeeting is excluded from ssl decryption as it is not supported at this time.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
