TLS Exclusion list Do not decrypt but Logmein show certificate from Sophos XGS firewall

Hi,

please review this website for logmein information.

Also I suggest you use the web proxy rather SSL/TLS for logmein access.

https://support.logmeinrescue.com/rescue/help/allowlisting-and-rescue

Ian

thank you rfcat_vk 

web proxy is not a solution for us.

Logmein support give also solution to disable peer-to-peer
https://support.logmeininc.com/pro/help/what-does-error-10054-mean

But this solution did not work for us.

Why is Sophos firewall decrypt the Certificate? Thats my main question, because I exclude decryption in Sophos?!

I would suggest to you to review your non use of the web proxy for a solution to logmien.

Look at setting up a rule using proxy and logmein FQDN.

Ian

why is Sophos still decrypting Logmein if it is disabled.

Is my URL pattern wrong?

Sop Hos3 said:

URL pattern matches
^([A-Za-z0-9.-]*\.)?logmein\.com/
^[A-Za-z0-9.-]*\.[A-Za-z0-9.-]*\.logmein\.com/

If I disable SSL/TLS inspection for ALL trafic the Logmein is working fine.

Hi,

there is nothing wrong with your regex script. What you are experiencingg is that there are more websites used by logmein than you have covered. Please review application, web and ssl/tls inspection logs in log viewer using the IP address of the PC as the search criteria.

Ian

there is also logmein.co and logmein.eu and that was just a quick check.

Ian

yes, I know, the list of Logmein is almost Endless  ;)
https://support.logmeininc.com/gotoassist-remote-support/help/whitelisting-and-firewall-configuration

I have checked my Firewall Log SSL/TLS inspection and there are only the *.logmein.com Servernames

My current list for Logmein Web protection exception

URL pattern matches
^([A-Za-z0-9.-]*\.)?logmeinrescue-enterprise\.com/
^([A-Za-z0-9.-]*\.)?webservice\.logmein\.com/
^([A-Za-z0-9.-]*\.)?logmeinusercontent\.com/
^([A-Za-z0-9.-]*\.)?browse\.logmeinusercontent\.com/
^([A-Za-z0-9.-]*\.)?accounts\.logme\.in/
^([A-Za-z0-9.-]*\.)?logmeinrescue\.com/
^[A-Za-z0-9.-]*\.[A-Za-z0-9.-]*\.logmein\.com/
^([A-Za-z0-9.-]*\.)?logmeininc\.com/
^([A-Za-z0-9.-]*\.)?boldchat\.com/
^([A-Za-z0-9.-]*\.)?logmein\.com/
^([A-Za-z0-9.-]*\.)?internapcdn\.net/


and my Logmein Exceptions IP
64.74.0.0/19
64.74.112.0/20
64.95.128.0/21
69.88.148.0/22
95.172.68.0/22

yes, I know, the list of Logmein is almost Endless  ;)
https://support.logmeininc.com/gotoassist-remote-support/help/whitelisting-and-firewall-configuration

I have checked my Firewall Log SSL/TLS inspection and there are only the *.logmein.com Servernames

My current list for Logmein Web protection exception

URL pattern matches
^([A-Za-z0-9.-]*\.)?logmeinrescue-enterprise\.com/
^([A-Za-z0-9.-]*\.)?webservice\.logmein\.com/
^([A-Za-z0-9.-]*\.)?logmeinusercontent\.com/
^([A-Za-z0-9.-]*\.)?browse\.logmeinusercontent\.com/
^([A-Za-z0-9.-]*\.)?accounts\.logme\.in/
^([A-Za-z0-9.-]*\.)?logmeinrescue\.com/
^[A-Za-z0-9.-]*\.[A-Za-z0-9.-]*\.logmein\.com/
^([A-Za-z0-9.-]*\.)?logmeininc\.com/
^([A-Za-z0-9.-]*\.)?boldchat\.com/
^([A-Za-z0-9.-]*\.)?logmein\.com/
^([A-Za-z0-9.-]*\.)?internapcdn\.net/


and my Logmein Exceptions IP
64.74.0.0/19
64.74.112.0/20
64.95.128.0/21
69.88.148.0/22
95.172.68.0/22

Hi,

thank you for the list, what I am suggesting are sites that are not logmein, like ms or apple site are not all called Ms or apple.

ian

I have checked again my complete Firewall Log SSL/TLS inspection for Error and found an IP address which is used by Logmein and was not yet on my exclusion list and added this
158.120.16.0/20

Hope this help my connection problems, will test it the next couple of days