How do I allow Logmein®123

Article #: Product Castle
1861 / KB-78 Guardian All

Problem

The Logmein123 application reports errors

Solution

You will need to exclude the Logmein123 application from HTTPS Decrypt and inspect, and Authentication.

Although the Logmein URLs are part of the Remote Desktop category, you need to add them to a custom category so as not to affect operations of similar applications.

When configuring security protocol, it is recommended to allow the LogMeIn URLs to ensure that a connection to all components of LogMeIn is permissible (updating the application, communicating status events such as when online, offline, and so on). The client-to-host connection uses peer-to-peer connections, encrypted within a 256-bit AES tunnel. The services themselves communicate using port 443 (HTTPS/SSL), so no additional ports need to be opened within a firewall.

  1. Create a custom category with the following URLs:
    • logmein.com — LogMeIn's main site
    • logmeinrescue.com — Powers the LogMeIn Rescue service
    • logmeinrescue-enterprise.com — Powers account specific Rescue features (not needed on normal accounts)
    • logme.in — LogMeIn common login service allowing login to LogMeIn.com, join.me, and cubby.com
    • hamachi.cc — Powers the LogMeIn Hamachi service
    • internapcdn.net — Powers updates to multiple LogMeIn products.
    • LogMeIn123.com — Site used to connect to a LogMeIn Rescue technician
    • 123rescue.com — Site used to connect to a LogMeIn Rescue technician
    • support.me — Site used to connect to a LogMeIn Rescue technician
    • join.me — LogMeIn's screen sharing service
    • cub.by — Redirects back to Cubby services
    • cubby.com — LogMeIn's cloud storage and syncing service
    • apprep.smartscreen.microsoft.com
    • secure.logmeinrescue.com
    • login.microsoftonline.com
    • symcb.com
  2. Create a Do not inspect HTTPS inspection policy, where the What is the custom category created in step 1.
  3. Add the custom category created in step 1 to Web proxy > Authentication > Exceptions.
  4. Smoothwalls running the Carisbrooke Castle Release or later should do the following:
  5. If you have a transparent authentication policy (in Web proxy > Authentication > Manage policies) for the interface processing LogMeIn traffic, add the following changes:

    • Behavior — Allow Transparent HTTPS incompatible sites and filter others using name from certificate

    else create a new transparent authentication policy, on the relevant interface, containing the above.

Attribution:

Last updated: Author: Contributions by:
27th February 2017  

DMT

SK

SN