Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 797 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS Exclusion list Do not decrypt but Logmein show certificate from Sophos XGS firewall

Sop Hos3

Hello,

we have XGS 136 firewall with enabled SSL/TLS inspection
All workstations have Logmein installed.
Sophos Firewall Certificate is installed on workstation trusted certificate in local computer storeOn XFS firewall I have create Logmein Local TLS exclusion list for Logmein and also Web Exception (HTTPS decryption & HTTPS certificate validation)

When I disable SSL/TLS inspection I can connect to workstation with Logmein
When SSL/TLS inspection enabled I can NOT connect.


Local TLS exclusion list: logmein.com

URL pattern matches
^([A-Za-z0-9.-]*\.)?logmein\.com/
^[A-Za-z0-9.-]*\.[A-Za-z0-9.-]*\.logmein\.com/


screenshots:

No connection

LocalComputerCertificateTrusted

With disabled SSL/TLS inspection

How can I make correct exception for Logmein?

Example of Logmein connection URL
control.lmi-app20-05.logmein.com
control.lmi-app20-06.logmein.com
control.lmi-app20-07.logmein.com
control.lmi-app20-08.logmein.com
control.lmi-app03-10.logmein.com
control.lmi-app03-13.logmein.com
console-efuexvrqrs.lmi-app20-05.logmein.com
console-bybvznvduz.lmi-app20-07.logmein.com
console-agnyxrrvqk.lmi-app20-08.logmein.com

XGS LOG SSL-TLS-inspection-log



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Sop Hos3

    Hi,

    there is nothing wrong with your regex script. What you are experiencingg is that there are more websites used by logmein than you have covered. Please review application, web and ssl/tls inspection logs in log viewer using the IP address of the PC as the search criteria.

    Ian

Children