Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 756 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS Exclusion list Do not decrypt but Logmein show certificate from Sophos XGS firewall

Sop Hos3

Hello,

we have XGS 136 firewall with enabled SSL/TLS inspection
All workstations have Logmein installed.
Sophos Firewall Certificate is installed on workstation trusted certificate in local computer storeOn XFS firewall I have create Logmein Local TLS exclusion list for Logmein and also Web Exception (HTTPS decryption & HTTPS certificate validation)

When I disable SSL/TLS inspection I can connect to workstation with Logmein
When SSL/TLS inspection enabled I can NOT connect.


Local TLS exclusion list: logmein.com

URL pattern matches
^([A-Za-z0-9.-]*\.)?logmein\.com/
^[A-Za-z0-9.-]*\.[A-Za-z0-9.-]*\.logmein\.com/


screenshots:

No connection

LocalComputerCertificateTrusted

With disabled SSL/TLS inspection

How can I make correct exception for Logmein?

Example of Logmein connection URL
control.lmi-app20-05.logmein.com
control.lmi-app20-06.logmein.com
control.lmi-app20-07.logmein.com
control.lmi-app20-08.logmein.com
control.lmi-app03-10.logmein.com
control.lmi-app03-13.logmein.com
console-efuexvrqrs.lmi-app20-05.logmein.com
console-bybvznvduz.lmi-app20-07.logmein.com
console-agnyxrrvqk.lmi-app20-08.logmein.com

XGS LOG SSL-TLS-inspection-log



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to rfcat_vk

    yes, I know, the list of Logmein is almost Endless  ;)
    https://support.logmeininc.com/gotoassist-remote-support/help/whitelisting-and-firewall-configuration

    I have checked my Firewall Log SSL/TLS inspection and there are only the *.logmein.com Servernames

    My current list for Logmein Web protection exception

    URL pattern matches
    ^([A-Za-z0-9.-]*\.)?logmeinrescue-enterprise\.com/
    ^([A-Za-z0-9.-]*\.)?webservice\.logmein\.com/
    ^([A-Za-z0-9.-]*\.)?logmeinusercontent\.com/
    ^([A-Za-z0-9.-]*\.)?browse\.logmeinusercontent\.com/
    ^([A-Za-z0-9.-]*\.)?accounts\.logme\.in/
    ^([A-Za-z0-9.-]*\.)?logmeinrescue\.com/
    ^[A-Za-z0-9.-]*\.[A-Za-z0-9.-]*\.logmein\.com/
    ^([A-Za-z0-9.-]*\.)?logmeininc\.com/
    ^([A-Za-z0-9.-]*\.)?boldchat\.com/
    ^([A-Za-z0-9.-]*\.)?logmein\.com/
    ^([A-Za-z0-9.-]*\.)?internapcdn\.net/


    and my Logmein Exceptions IP
    64.74.0.0/19
    64.74.112.0/20
    64.95.128.0/21
    69.88.148.0/22
    95.172.68.0/22

  • 0 in reply to Sop Hos3

    Hi,

    thank you for the list, what I am suggesting are sites that are not logmein, like ms or apple site are not all called Ms or apple.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I have checked again my complete Firewall Log SSL/TLS inspection for Error and found an IP address which is used by Logmein and was not yet on my exclusion list and added this
    158.120.16.0/20

    Hope this help my connection problems, will test it the next couple of days

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?