This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
796570686578
Collaborator
‎2021-09-27 04:34 AM

GoToMeeting categorized as LogMeIn?!

Hello,

So we have users complaining that they can't access GoToMeetings anymore. When I checked, I saw that our Application Control is categorizing some gotomeeting.com domains as "LogMeIn" Application and blocks them. We do have the two GotoMeeting Applications whitelisted and it always worked fine until some time ago.

We don't want to whitelist the whole "LogMeIn" Application, since this would allow much more than just GoToMeeting.

I have also checked for Application Control Updates, but it's up to date. R80.40 JHF 119

Do you have any clue why this might be? Is anyone experiencing the same issue, if so how do you handle it?

Thanks

gotmeeting.png
Preview file
265 KB
15 Replies
the_rock
Legend
Legend
‎2021-09-27 05:45 AM

Im glad you pointed that out. because I saw exact same thing on my end as well. Hope it gets fixed!

0 Kudos
796570686578
Collaborator
‎2021-09-27 05:52 AM
In response to the_rock

Thanks for your reply! Glad we are not the only ones. Do you think we should open a ticket for that or are is CP aware of the issue?

the_rock
Legend
Legend
‎2021-09-27 05:53 AM
In response to 796570686578

I would say open the case and let us know what they say, because that is definitely not correct.

0 Kudos
Gary_Scott
Contributor
‎2021-09-27 06:09 AM
In response to the_rock

gotomeeting.com and logmein.com are using the same certificate. 

0 Kudos
the_rock
Legend
Legend
‎2021-09-27 06:15 AM
In response to Gary_Scott

That is true, I noticed that the other day as well, but I dont think that has to be the reason they are categorized the same.

0 Kudos
Gary_Scott
Contributor
‎2021-09-27 06:28 AM
In response to the_rock

When using the certificate to try and categorize a https site I think this is expected. I was able to get this working but only after enabling https inspection and unchecking categorize https websites under the advanced app control & url filtering settings.

the_rock
Legend
Legend
‎2021-09-27 06:42 AM
In response to Gary_Scott

Hm, I honestly did not know that was the case, so THANK YOU! I learned something new today 🙂

0 Kudos
the_rock
Legend
Legend
‎2021-09-27 06:48 AM
In response to Gary_Scott

@796570686578 , did you want to try what @Gary_Scott suggested? I think what he said 100% makes perfect sense.

796570686578
Collaborator
‎2021-09-27 07:26 AM
In response to the_rock

Hey! Thanks for the suggestion, that's definitely a nice workaround but the customer currently doesn't use https inspection so I that's not an option for us. 

0 Kudos
the_rock
Legend
Legend
‎2021-09-27 07:31 AM
In response to 796570686578

Yea...that might be a bit tricky in that case, so Im thinking you may wish to uncheck categorize https inspection option as Gary indicated.

 

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2021-09-28 08:25 AM

Wouldn’t be shocked if they use the same infrastructure since LogMeIn owns GoToMeeting.
In which case, it might be difficult to differentiate between the two, even if you use HTTPS Inspection.

It could also be a false positive on our side, in which case a TAC case is suggested.

0 Kudos
Gary_Scott
Contributor
‎2021-09-28 08:29 AM
In response to PhoneBoy

Thanks Daemon, I did open a case with TAC and it was determined its them not us, and even with https inspection it may/may not work properly. 

796570686578
Collaborator
‎2021-09-29 11:21 PM
In response to Gary_Scott

I opened a case as well and was told to try it with a custom application whitelist the needed URLS or enable  https inspection. In my lab I was able to get it to work by identifying urls with wireshark and adding them to the custom application but in production environment I can still see that for some users http traffic is being categorized as LogMeIn. I didn't  have any http requests in my lab so I guess it depends on the Meeting? Will troubleshoot with a user today and let you know once I know more.

the_rock
Legend
Legend
‎2021-09-30 02:42 AM
In response to 796570686578

That is pretty much what I used to do when I had similar issue...I know its not perfect, but has to be done.

0 Kudos
John-Haynes
Contributor
‎2021-10-04 08:16 AM

We ran into this issue several weeks back and LogMeIn has basically merged their infrastructures entirely.  When signing into a gotomeeting, you are going through the logmein domain/cert now.  As we have several thousand licenses with GoTo, this presented a problem for us.  As a company they would not lift a finger to help us work out a solution.  The only way forward was to move to a competitor.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top