LogMeIn is not working through ProxySG.

book

Article ID: 166696

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 When trying to connect to a remote host using LogMeIn, connections are never established when intercepted by ProxySG.

This happens when the following are true:

  • The ProxySG has a valid SSL license
  • Either service port 443 is set to intercept SSL or in explicit mode HTTP service has detect protocol enabled

The problem happens because when connecting to a remote host using LogMeIn, there is a connection made by the client to a server on TCP port 443 that is not actually using SSL protocol. When the ProxySG detects this, it breaks the connection and logs an error to the event log as shown below:

2011-09-09 11:09:51-04:00EDT  "Non-SSL client protocol detected(error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol)"  0 300000:1   sslproxy_worker.cpp:3051

Resolution

 For explicit mode  -

Disable protocol detection for requests to the logmein.com domain. Use the steps below to install the CPL example:

  1. Go to ProxySG Management Console>Configuration>Policy>Policy Files>Install local file from:
  2. Select Text Editor from the drop-down list
  3. Click Install
  4. Paste the following CPL to the bottom of the text editor

    <proxy>
    url.domain=logmein.com detect_protocol(none) allow
     
  5. Click Install
To configure this in the VPM:
  1. Add a rule in a new or existing Web Access Layer
  2. In this rule, right-click in the destination field and choose Set, click New and select Request URL...
  3. In the Simple Match field, enter: logmein.com
  4. Click OK
  5. Right-click in the action field and choose Set, click New and select Disable SSL Detection...
  6. Leave "All Tunneled Traffic" selected and click OK, and then OK in the Set Action Object dialog box
  7. Click Install Policy

 

For transparent mode (only) - 

Create a TCP tunnel service for the subnet that belongs to LogMeIn where the server in question resides. 

  1. Go to ProxySG Management Console>Configuration>General>Achive>Archive Configuration>Install Configuration From: 
  2. Select Text Editor from the drop-down list
  3. Click Install
  4. Delete all the existing contents in the Text Editor (Ctrl A, Del)
  5. Paste the configuration as shown below

    proxy-services ;mode
    create tcp-tunnel "LogMeIn"
    edit "LogMeIn" ;mode
    add all 216.52.233.0/24 443 intercept
    exit


     
  6. Click Install