How do I get LogMeIn Rescue to work with Blue Coat's Cloud service?


<< Back to Knowledge Search

Solution

Overview

I am unable to get LogMeIn Rescue to work with Blue Coat's Cloud service
What do I need to do in order to allow LogMeIn Rescue to work with the service?

Cause
Resolution

The solution to deploy will vary depending on how you write your policy and if you have SSL intercept enabled or not.  Please do one of the following solutions depending on how you want to deploy for your environment:

 

SOLUTION #1:  SSL intercept disabled; enabling access by category

This solution requires that you have SSL intercept disabled.  (SSL intercept is by default disabled n the Cloud.)  You should also allow the following categories:

Remote Access Tools (for LogMeIn domains)
Computers/Internet (for Akamai domains used by LogMeIn)
Non-viewable (for Google analytics)

 

SOLUTION #2:  SSL intercept disabled; allowing specific domains used by LogMeIn

This solution requires that you have SSL intercept disabled.  (SSL intercept is by default disabled in the Cloud.)  If you are blocking the Remote Access Tools, Computers/Internet, or Non-viewable categories, you should allow the following domains:

logmein123.com
logmeinrescue.com
logmein.com
logmein-gateway.com
ocsp.thawte.com
google-analytics.com
globalsign.com

 

SOLUTION #3:  SSL intercept enabled; enabling access by category

1.)  Make sure you have the Cloud SSL Root certificate installed on your workstations.  If you do not, you will receive SSL certificate warnings from your web browser.
2.)  Allow the categories found in solution #1 above. 
3.)  In the portal, go to Service > Network > SSL > Pass Through Destinations > Pass Through IPs/Subnets
4.)  Click on the "Add Pass Through IPs/Subnets" button and add 216.52.233.0/24
5.)  Click on the Activate button.
6.)  Test

 

SOLUTION #4:  SSL intercept enabled; allowing access by domains used by LogMeIn

1.)  Make sure you have the Cloud SSL Root certificate installed on your workstations.  If you do not, you will receive SSL certificate warnings from your web browser.
2.)  Allow the domains found in solution #2 above.  You may also need the IP address ranges found in the ADDITIONAL INFORMATION section below.
3.)  In the portal, go to Service > Network > SSL > Pass Through Destinations > Pass Through IPs/Subnets
4.)  Click on the "Add Pass Through IPs/SUbnets" button and add 216.52.233.0/24.  Also need to add 64.94.18.0/24 to the list.
5.)  Click on the Activate button.
6.)  Test

 

ADDITIONAL INFORMATION:

When you are writing advanced content filtering policy, if you are blocking Remote Access Tools category, you will need to add the following IP addresses to your allow rule:

64.74.103.0/24
64.94.18.0/24
64.94.46.0/23
69.25.16.0/20
70.42.156.0/23
74.201.64.0/20
74.201.74.0/23
77.242.192.0/20
212.118.234.0/24
216.52.233.0/24
 

Workaround
Additional Information
Bug Number
InQuira Doc IdKB5189
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      Cloud Security Service
Topic      Content Filtering, Content Management, Policy Management, SSL / HTTPS
Article Number      000010428
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat