How to fix LogMeIn connection issue with Blue Coat ProxySG

When trying to connect to a remote host using LogMeIn, connections are never established when intercepted by ProxySG.

This happens when the following are true:

The ProxySG has a valid SSL license
Either the service on port 443 is set to intercept SSL or, in explicit mode, the HTTP service has detect protocol enabled

The problem happens because, when connecting to a remote host using LogMeIn, the client makes a connection to a server on TCP port 443 that is not actually using the SSL protocol. When the ProxySG detects this, it breaks the connection and logs an error to the event log as shown below:

2011-09-09 11:09:51-04:00EDT “Non-SSL client protocol detected(error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol)” 0 300000:1 sslproxy_worker.cpp:3051
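
Added example (not from the original article or from Blue Coat): a simplified Python approximation of the first-bytes check an SSL-intercepting proxy performs on a port 443 connection, showing why a non-SSL payload ends in the "unknown protocol" error above. The sample byte strings are constructed and the function names are hypothetical; the proxy's real logic may differ.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # hello message type (same value in SSLv2 and TLS)
MAX_RECORD = 16384     # largest plaintext TLS record (2^14 bytes)

# Constructed first-flight byte strings; none is captured traffic and the
# "proprietary" one does not reproduce what LogMeIn really sends.
SAMPLES = {
    "tls_client_hello": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03",
    "sslv2_client_hello": b"\x80\x2e\x01\x03\x01\x00\x15",
    "http_on_443": b"GET / HTTP/1.1\r\n",
    "proprietary": b"\x00\x00\x00\x10PROPRIETARY-DATA",
    "truncated": b"\x16\x03",
}


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'too-short' or 'non-ssl' for a client's first bytes."""
    if len(data) < 6:
        return "too-short"  # not enough bytes to decide yet
    # SSLv3/TLS record header: type(1) version(2) length(2), then message type.
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[5] == CLIENT_HELLO:
        (record_len,) = struct.unpack("!H", data[3:5])
        return "tls" if 0 < record_len <= MAX_RECORD else "non-ssl"
    # SSLv2-compatible hello: length field with the high bit set, then type.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        return "sslv2"
    return "non-ssl"


def rejected_as_non_ssl(samples: dict) -> list:
    """Names of flows an SSL-intercepting proxy would reject as non-SSL."""
    return sorted(n for n, d in samples.items() if classify_first_bytes(d) == "non-ssl")


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:20} {classify_first_bytes(data)}")
    print("rejected:", rejected_as_non_ssl(SAMPLES))
```

Flows classified as non-ssl are the ones that need the protocol-detection exemption or TCP tunnel service described in the resolution below.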

Resolution

For explicit mode

Disable protocol detection for requests to the logmein.com domain. Use the steps below to install the CPL example:

Go to ProxySG Management Console>Configuration>Policy>Policy Files>Install local file from:
Select Text Editor from the drop-down list
Click Install
Paste the following CPL to the bottom of the text editor

<proxy>
url.domain=logmein.com detect_protocol(none) allow

Click Install

For transparent mode

Create a TCP tunnel service for the subnet that belongs to LogMeIn where the server in question resides.

Go to ProxySG Management Console>Configuration>General>Archive>Archive Configuration>Install Configuration From:
Select Text Editor from the drop-down list
Click Install
Delete all the existing contents in the Text Editor (Ctrl A, Del)
Paste the configuration as shown below

proxy-services ;mode
create tcp-tunnel "LogMeIn"
edit "LogMeIn" ;mode
add all 216.52.233.0/24 443 intercept
exit

Click Install
