cancel
Showing results for 
Search instead for 
Did you mean: 
moros
Level 7

How to use itunes over McAfee Webgateway V7.0

Hi everyone,

We just implemented the new version of Webgateway in my company and we are still blocked with a big issue :

How to use Itunes over this new version of Webgateway ?

I didnt found any working solution so I hope that you can help me

Many thanks in advance

Best regards,

Moros

17 Replies
asabban
Level 17

Re: How to use itunes over McAfee Webgateway V7.0

Hello,

what is the exact problem you are encoutering? Is it a problem to download ittunes or has it already been installed and some features do not work as expected?

Can you add some more description on what exactly fails?

Best,

Andre

0 Kudos
moros
Level 7

Re: How to use itunes over McAfee Webgateway V7.0

Itunes is already installed on the PC but when I start it a request for login and password to the proxy appears and the program doesnt run.... I tried to add those url below to the global whitelist but it doesn't change anything...

itunes.apple.com

ax.itunes.apple.com

albert.apple.com

gs.apple.com

phobos.apple.com

deimos3.apple.com

0 Kudos
asabban
Level 17

Re: How to use itunes over McAfee Webgateway V7.0

Hello,

the authentication popup is most likely caused by your MWG being setup to require authentication. This should not be an issue if you provide correct credentials. I have tested it on my Lab with a default MWG + NTLM Auth. Once I filled domain\username + a valid password into the popup, access worked pretty well.

To whitelist authentication it seems that a couple of more URL hosts need to be whitelisted, such as below:

Auswahl_473.png

Additionally iTunes tries to talk to several URLs to get certificate revocation lists to ensure the SSL certificates used are valid. I added my rule set that seems to work on iTunes 10.6 on Windows 7 (64 bit).

You will most likely have to add additional hosts. The errors log will help you to determine URL, URL.Host and/or User-Agents. If you add more, beware of the properties being used (URL.Host or URL).

Best,

Andre

Nachricht geändert durch asabban on 26.03.12 08:46:04 CDT
moros
Level 7

Re: How to use itunes over McAfee Webgateway V7.0

thanks for your both answer

@asabban : I tried to put the correct credentials but the popup appears again and again and Itunes doesn't start..... I also tried to add all the url hosts you sent to me in my global whitelist and also in my certificate whitelist for ssl inspection but it's still the same :-/  I saw in you xml file that you're running the MWG 7.2.0.x and my version is 7.1.0.x ... Do you think I should upgrade it to get it works ???

@Troja : Yes I have the SSL Scan enabled and if it possible I would like to keeps it active....

Best regards,

Math

0 Kudos
asabban
Level 17

Re: How to use itunes over McAfee Webgateway V7.0

Hello,

7.2 is not yet available for public use I think. I am running a beta in my lab, so I won´t recommend to upgrade. In my tests I have moved the rule set I shared on top of the policy to prevent even SSL Scanner from being called. If you put the entries to the global whitelist you will remove any filtering anyway, so there is no benefit of keeping SSL inspection active. Also Thorsten is right, iTunes checks the certificate it obtained from the server. If the certificate is not the original one issued by iTunes, it will show an error message and will not proceed.

Can you try adding the rule set I added to the top of the policy? Additionally can you check the access.log when you try to access iTunes? There should be requests with a status code of 407, which means that MWG requires authentication. They will cause the popup to occur.

What happens when you will in valid credentials, check the "remember credentials" checkbox and procees? Will iTunes start or still keep asking?

Best,

Andre

0 Kudos
Troja
Level 14

Re: How to use itunes over McAfee Webgateway V7.0

Hi moros,

i tested iTunes on different systems (Bluecoat and so on) where SSL Scan is active. iTunes was never working when SSL Scan is active.

Perhaps we can build a spezial Ruleset to get iTunes traffic working.

Cheers,

Thorsten

0 Kudos
moros
Level 7

Re: How to use itunes over McAfee Webgateway V7.0

Ok I imported your ruleset on the top of my policy :

policy.jpg

Itunes keeps asking me for credentials (4 times) but after that the program works perfectly. The problem is that even if I check the "remember credentials" checkbox, when I restart the program the popup reappears.... I add you below the part of the access log when I start Itunes :

accesslog.jpg

Best,

Math

0 Kudos
asabban
Level 17

Re: How to use itunes over McAfee Webgateway V7.0

Hi Math,

can you add the following two entries to the iTunes Host list from the rule set above?

Auswahl_474.png

Then give it another try and check the access.log.

Best,

Andre

Re: How to use itunes over McAfee Webgateway V7.0

Hi Moros, I also spent some time getting iTunes working through MWG6 and now V7. The problem is that iTunes does not support certain authentication methods, for us that is NTLM. Assuming you are using the default Direct Proxy Authentication and Authorization rule set, the way round is as follows:

  1. Create a rule that Skips Authorization for User-Agents and add iTunes/* to the list
  2. Create a rule that Skips Authorization for HOSTS and add *apple.com*

iTunes should work just fine after that, it saves you have to whitelist all the URLS as the majority use the user agent iTunes/current iTunes version number

If you like I can upload my rule set...