17 Replies. Latest reply on Jul 10, 2012 3:20 AM by iain.gardiner

    How to use itunes over McAfee Webgateway V7.0

    moros

      Hi everyone,

       

      We just implemented the new version of Webgateway in my company and we are still blocked with a big issue :

       

      How to use iTunes over this new version of Webgateway?

       

      I didn't find any working solution, so I hope that you can help me.

       

      Many thanks in advance

      Best regards,

       

      Moros

        • 1. Re: How to use itunes over McAfee Webgateway V7.0
          asabban

          Hello,

           

          What is the exact problem you are encountering? Is it a problem downloading iTunes, or has it already been installed and some features do not work as expected?

           

          Can you add some more description on what exactly fails?

           

          Best,

          Andre

          • 2. Re: How to use itunes over McAfee Webgateway V7.0
            moros

            iTunes is already installed on the PC, but when I start it a request for a login and password to the proxy appears and the program doesn't run.... I tried to add the URLs below to the global whitelist but it doesn't change anything...

             

            itunes.apple.com

            ax.itunes.apple.com

            albert.apple.com

            gs.apple.com

            phobos.apple.com

            deimos3.apple.com

            • 3. Re: How to use itunes over McAfee Webgateway V7.0
              asabban

              Hello,

               

              The authentication popup is most likely caused by your MWG being set up to require authentication. This should not be an issue if you provide correct credentials. I have tested it in my lab with a default MWG + NTLM Auth. Once I filled domain\username + a valid password into the popup, access worked pretty well.

               

              To whitelist authentication it seems that a couple more URL hosts need to be whitelisted, such as below:

               

              Auswahl_473.png

              Additionally iTunes tries to talk to several URLs to get certificate revocation lists to ensure the SSL certificates used are valid. I added my rule set that seems to work on iTunes 10.6 on Windows 7 (64 bit).

               

              You will most likely have to add additional hosts. The errors log will help you to determine URL, URL.Host and/or User-Agents. If you add more, beware of the properties being used (URL.Host or URL).

               

              Best,

              Andre

               

              Message edited by asabban on 26.03.12 08:46:04 CDT
              • 4. Re: How to use itunes over McAfee Webgateway V7.0
                Troja

                Hi Moros,

                Do you have SSL Scan enabled? iTunes does not like it when you break the SSL traffic.

                Cheers,

                Thorsten

                • 5. Re: How to use itunes over McAfee Webgateway V7.0
                  moros

                  Thanks for both of your answers.

                   

                  @asabban: I tried to put in the correct credentials but the popup appears again and again and iTunes doesn't start..... I also tried to add all the URL hosts you sent me to my global whitelist and also to my certificate whitelist for SSL inspection, but it's still the same :-/  I saw in your XML file that you're running MWG 7.2.0.x and my version is 7.1.0.x ... Do you think I should upgrade to get it to work?

                   

                  @Troja: Yes, I have SSL Scan enabled and if it is possible I would like to keep it active....

                   

                  Best regards,

                   

                  Math

                  • 6. Re: How to use itunes over McAfee Webgateway V7.0
                    asabban

                    Hello,

                     

                    7.2 is not yet available for public use, I think. I am running a beta in my lab, so I won't recommend upgrading. In my tests I have moved the rule set I shared to the top of the policy to prevent even the SSL Scanner from being called. If you put the entries in the global whitelist you will remove any filtering anyway, so there is no benefit in keeping SSL inspection active. Also, Thorsten is right: iTunes checks the certificate it obtained from the server. If the certificate is not the original one issued by iTunes, it will show an error message and will not proceed.

                     

                    Can you try adding the rule set I added to the top of the policy? Additionally can you check the access.log when you try to access iTunes? There should be requests with a status code of 407, which means that MWG requires authentication. They will cause the popup to occur.

                     

                    What happens when you fill in valid credentials, check the "remember credentials" checkbox and proceed? Will iTunes start or still keep asking?

                     

                    Best,

                    Andre
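
One way to run the access.log check described in the reply above, as an added example that is not part of the original thread. The log line layout, the sample lines, the user name and user-agent strings, and the function names are all assumptions; only the host names come from the thread. It counts 407 challenges per host and user-agent and lists hosts that were challenged but never re-requested with credentials, which are the candidates for a narrow authentication exception.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed line layout (constructed for this example; adapt the regex to your log):
# [timestamp] "user" client_ip status "METHOD target HTTP/x.y" "user-agent"
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+"(?P<user>[^"]*)"\s+(?P<src>\S+)\s+(?P<status>\d{3})\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/[\d.]+"\s+"(?P<ua>[^"]*)"'
)

# Constructed sample lines; hosts are from the thread, everything else is made up.
SAMPLE_LOG = """\
[26/Mar/2012:08:41:10 +0200] "" 10.0.0.23 407 "CONNECT phobos.apple.com:443 HTTP/1.1" "iTunes/10.6 (constructed)"
[26/Mar/2012:08:41:11 +0200] "math" 10.0.0.23 200 "CONNECT phobos.apple.com:443 HTTP/1.1" "iTunes/10.6 (constructed)"
[26/Mar/2012:08:41:12 +0200] "" 10.0.0.23 407 "GET http://ax.itunes.apple.com/check HTTP/1.1" "iTunes/10.6 (constructed)"
[26/Mar/2012:08:41:13 +0200] "" 10.0.0.23 407 "GET http://ax.itunes.apple.com/check HTTP/1.1" "iTunes/10.6 (constructed)"
[26/Mar/2012:08:41:14 +0200] "" 10.0.0.23 407 "CONNECT albert.apple.com:443 HTTP/1.1" "ExampleHelper/1.0 (constructed)"
""".splitlines()

def host_of(method, target):
    """Return the lower-cased host from a CONNECT authority or an absolute URL."""
    if method == "CONNECT" or "://" not in target:
        target = "//" + target  # let urlsplit treat host:port as a netloc
    return (urlsplit(target).hostname or "").lower()

def summarize_407(lines):
    """Per (host, user-agent): count 407 challenges and authenticated requests."""
    stats = defaultdict(lambda: {"challenges": 0, "authenticated": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed layout
        entry = stats[(host_of(m["method"], m["target"]), m["ua"])]
        if m["status"] == "407":
            entry["challenges"] += 1
        elif m["user"]:
            entry["authenticated"] += 1
    return dict(stats)

def never_authenticated(stats):
    """Hosts where some client was challenged but never came back with credentials."""
    return sorted({host for (host, _ua), s in stats.items()
                   if s["challenges"] and not s["authenticated"]})

if __name__ == "__main__":
    summary = summarize_407(SAMPLE_LOG)
    for (host, ua), s in sorted(summary.items()):
        print(f"{host:24} 407s={s['challenges']} authed={s['authenticated']} ua={ua}")
    print("candidates:", never_authenticated(summary))
```
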

                    • 7. Re: How to use itunes over McAfee Webgateway V7.0
                      Troja

                      Hi moros,

                      I tested iTunes on different systems (Bluecoat and so on) where SSL Scan is active. iTunes was never working when SSL Scan is active.

                      Perhaps we can build a special rule set to get iTunes traffic working.

                       

                      Cheers,

                      Thorsten

                      • 8. Re: How to use itunes over McAfee Webgateway V7.0
                        moros

                        Ok I imported your ruleset on the top of my policy :

                        policy.jpg

                        iTunes keeps asking me for credentials (4 times) but after that the program works perfectly. The problem is that even if I check the "remember credentials" checkbox, when I restart the program the popup reappears.... I have added below the part of the access log from when I start iTunes:

                        accesslog.jpg

                         

                        Best,

                         

                        Math

                        • 9. Re: How to use itunes over McAfee Webgateway V7.0
                          asabban

                          Hi Math,

                           

                          can you add the following two entries to the iTunes Host list from the rule set above?

                           

                          Auswahl_474.png

                           

                          Then give it another try and check the access.log.

                           

                          Best,

                          Andre
