Did you check the Citrix IP range enabled in the SSL Scanner?
Hi Stifi -
You can refer to this thread - specifically comment #13 from sgoers:
"The best practice is to use a McAfee subscribed list, allowing McAfee to manage the IP range"
Here is our Best Practices guide about McAfee Maintained Subscribed Lists and how to use them:
I'm aware of that McAfee managed IP list. However, since I'm not interested in having a remote session with Citrix but with McAfee, for example, this list will be pretty useless to me. So my plan would be to bypass the SSL Scanner for such traffic based on the User-Agent, which identifies the client, if that is possible.
I will ask McAfee to arrange a remote session with me so I can figure out whether there is a dedicated GoToAssist user agent I could trigger on. Will come back with the results.
As far as I know this won't work. The User-Agent header is sent (if it is sent at all) within the SSL tunnel. But once we enable the SSL Scanner to look into the SSL tunnel, the traffic will no longer work.
So what we would need is to decrypt SSL, look into the data, find a User-Agent header (or anything else that explicitly identifies the traffic), and then not decrypt SSL. Since we already decrypted SSL, we cannot go back to not decrypting it.
You may give it a try and let me know the outcome; so far I haven't been able to find a better solution than destination IP based whitelists.
Guys, you were all right. There is no User-Agent I could trigger a rule on, since the HTTP header is of course encrypted. And yes, since I have also been advised by McAfee support to integrate that McAfee subscribed list, and it is working perfectly fine, I'm done.
Many thanks for your hints.