cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 8
Report Inappropriate Content
Message 1 of 18

How to use itunes over McAfee Webgateway V7.0

Hi everyone,

We just implemented the new version of Webgateway in my company and we are still blocked with a big issue :

How to use Itunes over this new version of Webgateway ?

I didnt found any working solution so I hope that you can help me

Many thanks in advance

Best regards,

Moros

17 Replies
Highlighted
Level 17
Report Inappropriate Content
Message 2 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Hello,

what is the exact problem you are encoutering? Is it a problem to download ittunes or has it already been installed and some features do not work as expected?

Can you add some more description on what exactly fails?

Best,

Andre

Highlighted
Level 8
Report Inappropriate Content
Message 3 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Itunes is already installed on the PC but when I start it a request for login and password to the proxy appears and the program doesnt run.... I tried to add those url below to the global whitelist but it doesn't change anything...

itunes.apple.com

ax.itunes.apple.com

albert.apple.com

gs.apple.com

phobos.apple.com

deimos3.apple.com

Highlighted
Level 17
Report Inappropriate Content
Message 4 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Hello,

the authentication popup is most likely caused by your MWG being setup to require authentication. This should not be an issue if you provide correct credentials. I have tested it on my Lab with a default MWG + NTLM Auth. Once I filled domain\username + a valid password into the popup, access worked pretty well.

To whitelist authentication it seems that a couple of more URL hosts need to be whitelisted, such as below:

Auswahl_473.png

Additionally iTunes tries to talk to several URLs to get certificate revocation lists to ensure the SSL certificates used are valid. I added my rule set that seems to work on iTunes 10.6 on Windows 7 (64 bit).

You will most likely have to add additional hosts. The errors log will help you to determine URL, URL.Host and/or User-Agents. If you add more, beware of the properties being used (URL.Host or URL).

Best,

Andre

Nachricht geändert durch asabban on 26.03.12 08:46:04 CDT
Highlighted
Level 8
Report Inappropriate Content
Message 5 of 18

Re: How to use itunes over McAfee Webgateway V7.0

thanks for your both answer

@asabban : I tried to put the correct credentials but the popup appears again and again and Itunes doesn't start..... I also tried to add all the url hosts you sent to me in my global whitelist and also in my certificate whitelist for ssl inspection but it's still the same 😕  I saw in you xml file that you're running the MWG 7.2.0.x and my version is 7.1.0.x ... Do you think I should upgrade it to get it works ???

@Troja : Yes I have the SSL Scan enabled and if it possible I would like to keeps it active....

Best regards,

Math

Highlighted
Level 17
Report Inappropriate Content
Message 6 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Hello,

7.2 is not yet available for public use I think. I am running a beta in my lab, so I won´t recommend to upgrade. In my tests I have moved the rule set I shared on top of the policy to prevent even SSL Scanner from being called. If you put the entries to the global whitelist you will remove any filtering anyway, so there is no benefit of keeping SSL inspection active. Also Thorsten is right, iTunes checks the certificate it obtained from the server. If the certificate is not the original one issued by iTunes, it will show an error message and will not proceed.

Can you try adding the rule set I added to the top of the policy? Additionally can you check the access.log when you try to access iTunes? There should be requests with a status code of 407, which means that MWG requires authentication. They will cause the popup to occur.

What happens when you will in valid credentials, check the "remember credentials" checkbox and procees? Will iTunes start or still keep asking?

Best,

Andre

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Hi moros,

i tested iTunes on different systems (Bluecoat and so on) where SSL Scan is active. iTunes was never working when SSL Scan is active.

Perhaps we can build a spezial Ruleset to get iTunes traffic working.

Cheers,

Thorsten

Highlighted
Level 8
Report Inappropriate Content
Message 8 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Ok I imported your ruleset on the top of my policy :

policy.jpg

Itunes keeps asking me for credentials (4 times) but after that the program works perfectly. The problem is that even if I check the "remember credentials" checkbox, when I restart the program the popup reappears.... I add you below the part of the access log when I start Itunes :

accesslog.jpg

Best,

Math

Highlighted
Level 17
Report Inappropriate Content
Message 9 of 18

Re: How to use itunes over McAfee Webgateway V7.0

Hi Math,

can you add the following two entries to the iTunes Host list from the rule set above?

Auswahl_474.png

Then give it another try and check the access.log.

Best,

Andre

Highlighted

Re: How to use itunes over McAfee Webgateway V7.0

Hi Moros, I also spent some time getting iTunes working through MWG6 and now V7. The problem is that iTunes does not support certain authentication methods, for us that is NTLM. Assuming you are using the default Direct Proxy Authentication and Authorization rule set, the way round is as follows:

  1. Create a rule that Skips Authorization for User-Agents and add iTunes/* to the list
  2. Create a rule that Skips Authorization for HOSTS and add *apple.com*

iTunes should work just fine after that, it saves you have to whitelist all the URLS as the majority use the user agent iTunes/current iTunes version number

If you like I can upload my rule set...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community