6 Replies Latest reply on Nov 5, 2009 7:15 AM by jspanitz

    Cisco Webex session

    DBO

      Anybody been able to get Cisco Webex remote session across Secureweb?  I have follow an article in the Knowledge base on https://mysupport.mcafee.com but I wasn't successfull

        • 1. Re: Cisco Webex session
          Jon Scholten

          Hello again DBO,

           

          Webex is another application that uses proprietary traffic encrypted in SSL, this needs to be bypassed as well, KB62664 outlines what is required to accomplish this. How do you have the McAfee Web Gateway implemented, is it a direct proxy? Or is it implemented transparently?

           

          Best Regards,

          Jon Scholten

           

           

          Message was edited by: Jon Scholten on 11/4/09 4:27 PM
          • 2. Re: Cisco Webex session
            DBO

            I have implement this article but Cisco Webex Connect is not able to connect.  We are in Direct Proxy mode with NTLM auth

            • 3. Re: Cisco Webex session
              Jon Scholten

              Hello Daniel,

               

              Here is what Webex's KB has to say on the matter:

              http://support.webex.com/SelfServiceWeb/portlets/ViewArticle/showSingleArticle.d o?_articleId=WBX264

               

              Again this would require a bypass for the destination URL that the application is attempting to contact, this can be found in the access log, but as the KB referenced above, it could be in the range of: 64.68.96.0-64.68.127.255, which translates to the follow in terms of MWG shell expressions: 64.68.9[6-9].*, 64.68.1[0,1][0-9].*, 64.68.12[0-7].*

               

              In a direct proxy setup you should be able to enter in a Global Certificate List/Certificate List entry for 'webex.com' by Host, and Tunnel under the SSL Scanner tab.

               

              Again if you need immediate assistance support will be able to work through the issue with you.

               

              Best Regards,

              Jon Scholten

              • 4. Re: Cisco Webex session
                DBO

                OK, when you say « a bypass for the destination URL for 64.68.9[6-9].*, 64.68.1[0,1][0-9].*, 64.68.12[0-7].*», at what section of WebWasher are you refering?  There is too many places to do something similar so you have to be very specific.

                 

                We have deployed WebWasher but are fighting issues that didn't show up in the tests like applications doing their own FTP, Application trying to access the Internet without using the proxy setting or with their own Proxy setting, etc.  We have to solve those issue one by one...

                 

                Thank you

                • 5. Re: Cisco Webex session
                  Jon Scholten

                  Hello Daniel,

                   

                  When I speak of bypasses, there are a couple of sections:

                  Certificate List - Located under SSL Scanner > Certificate List, this is a policy dependent list which allows you to make exceptions for domains. (as I described above)

                  Global Certificate List - Located under SSL Scanner > Global Certificate List, this is a policy independent list which allows you to make exceptions for domains.

                  URLs in the Global Certificate List/Certificate List enter the ICAP process and recieve a policy.

                   

                  SSL Scanner bypass, Located under Proxies > HTTPS Proxy, located at the bottom of the screen you can enter domains/IPs to exempt from entering the ICAP process altogether.

                   

                  There is also the option of bypassing for the category which can be done under SSL Scanner > Scan Encrypted Traffic, then check the box for 'Tunneling by Category', then select 'Web Meetings' or 'Remote Access' category and set the tunneling behavior to 'Bypass SSL Scanner'.

                   

                  Best Regards,

                  Jon Scholten

                  • 6. Re: Cisco Webex session
                    jspanitz

                    Here is what we did.  We have a custom category called "SSL Bypass".  We used the Extended List Manager and reclassified webex.com as being in the SSL Bypass category.  We then added the SSL Bypass category to the SSL Scanner -> Scan Encypted Traffic -> Tunnel By Category section and checked the box marked "Bypass SSL Scanner".

                     

                    John