TMG filtering access to Webex and GoToAssist services

[TheCrust]

We have our own non-RBC Internet connection, and use a Forefront TMG box with the web protection service (amongst other bits) for filtering and logging of outbound Internet requests.

We also rely on support contracts with Capita (for SIMS) and PS Financials (for our finance software) that use the likes of Webex and GoToAssist remote-control services when support agents need to provide assistance.

None of them can be got to work - despite the access rules on the TMG box allowing the use of traffic on ports 80 and 443. I've even defined specific port allowances (such as 8200) as listed on manufacturors websites, but nothing I do seems to make any difference.

I suspect TMG's packet inspection mechanism might be getting in the way but TMG isn't really logging anything about the client's attempts to initiate a remote support session, beyond the occasional "connection reset by peer" error code in the web proxy log (10054). And although that's a start, it's not much help!

Does anyone have suggestions as to where the problem might be? Or even have a similar TMG setup, using similar remote software successfully, and wouldn't mind talking through their configuration - via PM or on the phone if you feel more comfortable - so I can sanity-check my own?

Thanks in advance!

[grant_girdwood]

You'll need to allow the CIDR notations that they use.

http://www.citrixonline.com/iprange

[TheCrust]

Thanks - had already tried that but it hadn't made any difference.

The solution in the end was related to the packet inspection TMG performs - for some reason it really didn't like access to the servers that host GoToAssist. Defining the domain names as exclusions in the malware and HTTPS inspection services sorted the issue with GoToAssist.

Not yet sure about Webex as Capita won't even attempt a test connection unless we have a call outstanding that warrants remote support - but I imagine it is the same issue causing it so, hopefully, the same fix.

[ZeroHour]

Have you installed the TMG firewall client on the box?
It will allow you to get around any possibly authentication problems and it should be on the TMG server (to install from, not installed on) as a share I think.

[TheCrust]

I haven't - don't use the TMG client at all to be honest and due to workload I don't have the time to evaluate using it either

The malware and HTTPS inspection rule exceptions seem to have sorted it for the moment, but thanks for the suggestion.

[ZeroHour]

Its an msi at least but certainly if you have any more issues its worth a try especially with older apps.