Hello again DBO,
Webex is another application that uses proprietary traffic encrypted in SSL; this needs to be bypassed as well. KB62664 outlines what is required to accomplish this. How do you have the McAfee Web Gateway implemented? Is it a direct proxy, or is it implemented transparently?
Jon Scholten
Message was edited by: Jon Scholten on 11/4/09 4:27 PM
Here is what Webex's KB has to say on the matter:
Again, this would require a bypass for the destination URL that the application is attempting to contact. This can be found in the access log, but as the KB referenced above, it could be in the range of: 22.214.171.124-126.96.36.199, which translates to the following in terms of MWG shell expressions: 64.68.9[6-9].*, 64.68.1[0,1][0-9].*, 64.68.12[0-7].*
In a direct proxy setup you should be able to enter in a Global Certificate List/Certificate List entry for 'webex.com' by Host, and Tunnel under the SSL Scanner tab.
Again, if you need immediate assistance, support will be able to work through the issue with you.
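A quick way to audit what the three shell expressions quoted above actually cover before putting them on a bypass list (an added example, not part of the original post). It assumes Python's `fnmatch` glob semantics as a stand-in for MWG shell expressions; the function names and the sample strings are constructed for illustration.

```python
import fnmatch
import ipaddress

# Patterns quoted from the post above.
PATTERNS = ["64.68.9[6-9].*", "64.68.1[0,1][0-9].*", "64.68.12[0-7].*"]


def matches(host, patterns=PATTERNS):
    """True if host matches any pattern (fnmatch semantics, an assumption)."""
    return any(fnmatch.fnmatchcase(host, p) for p in patterns)


def covered_networks(prefix="64.68", patterns=PATTERNS):
    """Return the matched /24s under prefix, collapsed to CIDR blocks."""
    nets = []
    for third in range(256):
        # Every pattern ends in ".*", so one probe address per /24 suffices.
        if matches(f"{prefix}.{third}.1", patterns):
            nets.append(ipaddress.ip_network(f"{prefix}.{third}.0/24"))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def non_ip_matches(candidates, patterns=PATTERNS):
    """Return candidates that match a pattern but are not valid IPv4.

    Globs are string matches, not CIDR matches: inside [0,1] the comma
    is a literal member of the character class, not a separator.
    """
    out = []
    for c in candidates:
        if matches(c, patterns):
            try:
                ipaddress.IPv4Address(c)
            except ValueError:
                out.append(c)
    return out


if __name__ == "__main__":
    print(covered_networks())
    # Constructed sample strings, not taken from any log.
    print(non_ip_matches(["64.68.1,5.20", "64.68.100.20"]))
```

Under these semantics the three expressions together cover exactly one contiguous block, which is easier to review and to compare against the access log than three separate globs.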
OK, when you say "a bypass for the destination URL for 64.68.9[6-9].*, 64.68.1[0,1][0-9].*, 64.68.12[0-7].*", what section of WebWasher are you referring to? There are too many places to do something similar, so you have to be very specific.
We have deployed WebWasher but are fighting issues that didn't show up in the tests, like applications doing their own FTP, applications trying to access the Internet without using the proxy setting or with their own proxy setting, etc. We have to solve those issues one by one...
When I speak of bypasses, there are a couple of sections:
Certificate List - Located under SSL Scanner > Certificate List, this is a policy dependent list which allows you to make exceptions for domains. (as I described above)
Global Certificate List - Located under SSL Scanner > Global Certificate List, this is a policy independent list which allows you to make exceptions for domains.
URLs in the Global Certificate List/Certificate List enter the ICAP process and receive a policy.
SSL Scanner bypass - Located under Proxies > HTTPS Proxy; at the bottom of the screen you can enter domains/IPs to exempt from entering the ICAP process altogether.
There is also the option of bypassing for the category which can be done under SSL Scanner > Scan Encrypted Traffic, then check the box for 'Tunneling by Category', then select 'Web Meetings' or 'Remote Access' category and set the tunneling behavior to 'Bypass SSL Scanner'.
Here is what we did. We have a custom category called "SSL Bypass". We used the Extended List Manager and reclassified webex.com as being in the SSL Bypass category. We then added the SSL Bypass category to the SSL Scanner -> Scan Encrypted Traffic -> Tunnel By Category section and checked the box marked "Bypass SSL Scanner".