This discussion has been locked.

HTTPS decryption exclusion for splashtop and logmein

I need to be able to exclude Splashtop and logmein from SSL Inspection for them to work. I tried ^[A-Za-z0-9.-]*\.splashtop\.com/ which lets me connect through the client, but I am not able to remote into any machines. I am assuming that is because the remote aspect must be using another URL that is not covered under this expression. Anyone have experience with this one?

 

UPDATE: I found these on the Splashtop site:

  • st2-relay.api.splashtop.com
  • st2.api.splashtop.com
  • *.relay.splashtop.com (including wildcard)

 

This is what I added to the Sophos exclusion list I have created, and it still does not work:

^[A-Za-z0-9.-]*\.relay\.splashtop\.com/

^[A-Za-z0-9.-]*\.splashtop\.com/

st2.api.splashtop.com

st2-relay.api.splashtop.com



This thread was automatically locked due to age.
  • Hi All,

    Besides the 2 sets of DNS servers needed for Splashtop (*.api.splashtop.com and *.relay.splashtop.com), Splashtop sets up end to end encryption.  Therefore, there will be "non-ssl" packets through port 443.  Please see this article for complete information:

    https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/212724303-Why-does-the-Splashtop-software-show-unable-to-reach-Splashtop-servers-

    If the check tool - www.splashtop.com/check - passes, then it is likely the non-ssl packets on port 443 are being blocked by inspection.

    Thanks,

    Victor (Splashtop)

  • That URL you sent passes all the way for me. I am able to log in to the Splashtop app just fine. The problem is that when you click on an endpoint to remote into, this creates a connection with their AWS servers that is being done by IP address instead of DNS. The decrypt and scan won't work with this method. You have to exclude the IP address under web site categories to make this work. Splashtop support gave me a list of AWS IP addresses to exclude and it was nuts. Even after adding all of them it still did not work. If someone in support has found something that we can do about this, please enlighten me. This is a Splashtop and logmein issue since they are not using DNS, so there is no way to whitelist all of the random servers your remote sessions connect to. I am having the same issue with logmein.


    | Server Name | URL | Status |
    |---|---|---|
    | API server 1 | https://st2.api.splashtop.com | Success |
    | API server 2 | st2-relay.api.splashtop.com | Success |
    | Relay server | 34-203-198-176.relay.splashtop.com | Success |
    | Chrome connection server 1 | wss://wbs.relay.splashtop.com | Success |
    | Chrome connection server 2 | wss://wbs2.relay.splashtop.com | Success |

  • Just to say that I had the same issue with a client not being able to remote into their PC via Log Me In. As discussed above, I had to set an exception in the web filtering policy to allow (i.e. do not filter) the IP Address category for that end user's PC on the network.

    Also note - you will not see any logs on the XG that will say this is being blocked, which is crazy. It would be great if someone could shed some light on how you can identify via the XG logs that the IP address is being blocked, as neither the firewall nor the web filter log shows the IP address being blocked (even when HTTPS scanning is off - as it was in my case)?

    For reference - The logmein log file is located here c:\programdata\logmein\logmein.txt and this is what logmein shows when it doesn't work and the IP address category is blocked.

    ---------------------

    2019-01-25 06:47:58.706 - Info - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - WebSvc - Connecting to web gateway control.app12-02.logmein.com:443...
    2019-01-25 06:47:58.728 - Info - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000023EC - PatchMgmt - WUA version compare [ Local : 10.0.17134.254 ; Available: 7.4.7600.226 ].
    2019-01-25 06:47:59.158 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - Socket - 216.219.115.3:443/websvc - Certificate chain verification failed, trust status: 20/100.
    2019-01-25 06:47:59.158 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - Socket - 216.219.115.3:443/websvc - 1: E=support@sophos.com, CN=Sophos SSL CA_C1403B46H4FG8BB, OU=NSG, O=Sophos, S=Oxfordshire, C=GB; S#=01; trust 20/109.
    2019-01-25 06:47:59.158 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - Socket - 216.219.115.3:443/websvc - 0: CN=216.219.115.3; S#=35:BC:43:31:7E:E9:9A:E7:DA:A0:DC:4F:44:9A:5E; trust 0/101.
    2019-01-25 06:47:59.166 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - WebSvc - Failed to connect to web gateway: The data is invalid. (13)

    ---------------------

    When the IP address category is filtered  - the connection works - this is what the logmein log will say

    2019-01-25 06:51:06.426 - Info - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - WebSvc - Connecting to web gateway control.app12-07.logmein.com:443...
    2019-01-25 06:51:07.011 - Info - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - WebSvc - Verifying server certificate...
    2019-01-25 06:51:07.011 - Info - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - WebSvc - Server certificate accepted: *.app12-07.logmein.com
    2019-01-25 06:51:07.212 - Info - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - WebSvc - Logged in to web gateway.

    ---------------------
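
The failure recorded in the LogMeIn log above can be triaged from the client side. This is an added example, not part of any post in the thread or of Sophos or LogMeIn tooling: it parses the quoted Socket lines, reports which certificate the endpoint presented and who signed it, and checks whether a hostname-style exclusion like the regexes in the first post could ever match that endpoint. The `logmein.com` rule is hypothetical, modelled on the poster's Splashtop pattern, and matching the rule against `host/` is an assumption suggested by the trailing slash in those patterns.

```python
import ipaddress
import re

# Socket lines copied from the LogMeIn log quoted in the post above.
SAMPLE_LOG = r"""
2019-01-25 06:47:59.158 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - Socket - 216.219.115.3:443/websvc - Certificate chain verification failed, trust status: 20/100.
2019-01-25 06:47:59.158 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - Socket - 216.219.115.3:443/websvc - 1: E=support@sophos.com, CN=Sophos SSL CA_C1403B46H4FG8BB, OU=NSG, O=Sophos, S=Oxfordshire, C=GB; S#=01; trust 20/109.
2019-01-25 06:47:59.158 - Error - LogMeIn - NT AUTHORITY\SYSTEM - 05132 - 0x000026EC - Socket - 216.219.115.3:443/websvc - 0: CN=216.219.115.3; S#=35:BC:43:31:7E:E9:9A:E7:DA:A0:DC:4F:44:9A:5E; trust 0/101.
"""
# Hypothetical rule in the style of the first post's Splashtop regex.
# Assumption: the exclusion regex is evaluated against the string "host/".
HOST_EXCLUSIONS = [r"^[A-Za-z0-9.-]*\.logmein\.com/"]
SOCKET_RE = re.compile(r"^(?P<host>[^:/\s]+):\d+\S* - (?P<detail>.+)$")  # "<host>:<port>/<path> - <detail>"
CHAIN_RE = re.compile(r"^(?P<idx>\d+): (?P<subject>.+?); S#=")  # "<index>: <subject>; S#=<serial>"

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_intercepted(log_text, exclusions=HOST_EXCLUSIONS):
    """Return one finding per endpoint whose certificate chain failed verification."""
    chains, failed = {}, []
    for line in log_text.splitlines():
        parts = line.split(" - ", 7)  # the message itself may contain " - "
        m = SOCKET_RE.match(parts[7]) if len(parts) == 8 and parts[6] == "Socket" else None
        if not m:
            continue
        host, detail = m["host"], m["detail"]
        if detail.startswith("Certificate chain verification failed") and host not in failed:
            failed.append(host)
        c = CHAIN_RE.match(detail)
        if c:  # chain entry: index 0 is the leaf, the highest index is the signer
            cn = re.search(r"CN=([^,;]+)", c["subject"])
            chains.setdefault(host, {})[int(c["idx"])] = cn.group(1) if cn else c["subject"]
    findings = []
    for host in failed:
        chain = chains.get(host, {})
        findings.append({
            "endpoint": host,
            "ip_literal": is_ip_literal(host),
            "leaf_cn": chain.get(0),
            "signer_cn": chain.get(max(chain)) if chain else None,
            "hostname_rule_matches": any(re.search(p, host + "/") for p in exclusions),
        })
    return findings
```

A finding whose signer is the firewall's CA, whose endpoint is an IP literal and for which no hostname rule matches corresponds to the situation the posts describe: the hostname-based exclusion has nothing to match against for that connection.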

  • Any news about this?
    Right now I'm blocked!
    HELP PLEASE!!!
