GoTo services, such as GoToMeeting, have trouble connecting whilst going through your Smoothwall with HTTPS inspection in use.
This article will show you how to allow GoTo Services to work through a Smoothwall.
It has been written using information provided by LogMeIn support: Allowlisting and Firewall Configuration for GoTo Meeting
A category has been released for GoTo Services, putting this into a Do Not Inspect policy, as well as configuring your firewall correctly should allow the GoTo Software suite to work as expected.
Add this category to a Do Not Inspect policy, see our help topic, Creating HTTPS inspection policies:
- Go to Guardian > HTTPS Inspection > Manage policies and create a policy using the configuration shown below:
- Who: Everyone*
- What: GoTo Software
- Where: Everywhere*
- When: Always*
-
Action: Do Not inspect*
* Change Who, Where, When, and Action as appropriate.
- Click Confirm, review the new policy settings and click Save.
Note: Make sure your Do Not Inspect policy is above other HTTPS inspection policies.
You will also have to make sure that the interface being used Allows transparent HTTPS incompatible sites and filter others using name from certificate.
SIP Network Application Helper will need to be turned on in Network > Settings > Advanced. In the Network application helpers section select SIP and click Save Changes.
Firewall requirements:
Allow access through the following ports on your Firewall for GoTo products, see our help topic, Adding new Smoothwall Firewall rules:
- TCP ports:
8200
,443
and80
- UDP ports
8200
and1853
- Additionally, GoToMyPC, GoToAssist and GoToWebinar require TCP & UDP Port
8200
/1853
and TCP Port5060
.
Go to Network > Firewall > Firewall rules and add a rule like the one shown below:
-
- Name: GoToSoftware
- Source IP addresses: As required*
- Inbound interfaces: As required*
- Destination IP addresses: As required*
- Outbound interfaces: As required*
-
Services:
-
Create > New Service.
- Name: GoToSoftware,
-
Protocol: TCP & UDP, Port:
8200
,1853
,
- click Add Item.
-
Create > New Service.
- Groups: As required*
- Action: Accepted
- Once you have completed the Firewall rule entry, click Save Changes.
- Next, add the SIP port to that firewall group:
- Go to: Network > Settings > Service object manager > GoToSoftware > Edit
-
Add New Service: TCP :
5060
and click Save Changes.
- Repeat these steps for the XMPP service manager object, adding the new service for TCP
5222
.
Note: You will need to add a GoTo Software Suite category into a Web Proxy Authentication Exception by going to Web Proxy > Authentication > Exceptions and Add the GoTo Software Suite.