Allow GoTo Software through a Smoothwall

Article #: Product Castle
  Guardian All

Note: This knowledge base article has been written using information provided by LogMeIn support.

Summary

This article shows you how to allow GoTo Services to work through a Smoothwall.

Problem

GoTo services, such as GoToMeeting, have trouble connecting whilst going through your Smoothwall

Solution

A category has been released for GoTo Services, putting this into a Do Not Inspect policy, as well as configuring your firewall correctly should allow the GoTo Software suite to work as expected.

To add this category to a Do Not Inspect policy go to Guardian > HTTPS Inspection > Manage policies and create a policy using the configuration shown below:

  • Who: Everyone*
  • What: GoTo Software
  • Where: Everywhere*
  • When: Always*
  • Action: Do Not inspect*

* Change Who, Where, When, and Action as appropriate.

Click Confirm, review the new policy settings and click Save.

Note: Make sure your Do Not Inspect policy is above other HTTPS inspection policies.
You will also have to make sure that the interface being used Allows transparent HTTPS incompatible sites and filter others using name from certificate.
SIP Network Application Helper will need to be turned on in Network > Settings > Advanced. In the Network application helpers section select SIP and click Save Changes.

Firewall requirements:

You will also have to allow access through certain ports on your firewall for GoTo products to work, the ports are shown below:

TCP ports: 8200, 443 and 80

UDP ports 8200 and 1853

Additionally, GoToMyPC, GoToAssist and GoToWebinar require TCP & UDP Port 8200/1853 and TCP Port 5060.

Firewall rules:

If you have a Smoothwall Firewall you can do this by going to: Network > Firewall > Firewall rules adding a rule like the one shown below:

Name: GoToSoftware

Source IP addresses: As required*

Inbound interfaces: As required*

Destination IP addresses: As required*

Outbound interfaces: As required*

Services: Create > New Service > Name: GoToSoftware, Protocol: TCP & UDP, Port: 8200, 1853, click Add Item

Groups: As required*

Action: Accepted

Once you have completed the Firewall rule entry, click Save Changes.

Next, add the SIP port to that firewall group, go to: Network > Settings > Service object manager > GoToSoftware > Edit

Add New Service: TCP : 5060 and click Save Changes.

Repeat these steps for the XMPP service manager object, adding the new service for TCP 5222.

Note: You will need to add a GoTo Software Suite category into a Web Proxy Authentication Exception by going to Web Proxy > Authentication > Exceptions and Add the GoTo Software Suite.

LogMeIn Article: https://support.logmeininc.com/article/g2m060010?c_prod=care&c_name=iph

Attribution:

Last updated: Author: Contributions by:
24th April 2018 Patrick Gleeson