KB Article | Forcepoint Support

Notes & Warnings

For more details, see Bypassing authentication settings.
 
  • Web-enabled applications may fail to initiate or even display a logon prompt. For Webex sessions, this is due to Webex not supporting NTLM identification.
  • This issue also applies to other web-enabled programs such as GoToAssist and GoToMeeting.
  • For a current list of all ports, IP ranges and additional domains used by Webex, see Network Requirements for Cisco Webex.
  • For GoTo products such as GoToMeeting, GoToAssist and others, see Optimal Firewall Configuration and Whitelisting and LogMeIn FAQ for a list of current GoTo and LogMeIn URL ranges.

If you are using an on-premises solution instead of Web Security Cloud, see Connecting to GoToAssist and other LogMeIn collaboration products.

Problem Description

Why are web applications not working when going through Forcepoint Web Security Cloud? Issues occur with:
  • Requiring authentication
  • Displaying a welcome page before authentication
  • Using NTLM transparent identification

 

Resolution

When using Forcepoint cloud services, web-enabled applications (such as Webex) can fail to initiate sessions or display logon prompts. This article uses Webex as the example. For a different application, locate the domains for that application and use them in place of the "webex.com" entries. There may be multiple domains associated with any one application.

To correct this behavior for Webex, you can disable authentication for users connecting to the URL webex.com. Alternatively, you can disable the welcome page. This allows using basic authentication if you still want to report on users connecting to the site.
 
 To disable authentication for websites:
  1. Log in to the Security Portal.
  2. Select Web > Settings > Bypass Settings > Authentication Bypass > User Agent & Destinations > Add.
  3. Enter a Name. This name appears in the Authentication Bypass list on the Bypass Settings page.
  4. In the Authentication method drop-down menu, select No authentication.
  5. Leave the Content filtering option set to Enabled.
  6. For User-Agent, select No user agent.
  7. Paste the following URLs into the Apply to Destinations text box:
  • *.webex.com
  • *.webex.com:443
 
Important: Enter each URL or domain on a separate line.
 
URLs must include the protocol portion (http://) at the beginning and a forward slash (/) at the end – for example, http://www.google.com/. If these elements are not present, the string is treated as a domain. Domains cannot include a forward slash at the end – for example, mydomain.com.
 
Use the asterisk wildcard to match one line to multiple destinations: for example, entering *.mydomain.com would match against all domains ending in 'mydomain.com'.
 
  8. Click the Submit button.
  9. If you are blocking the Web Collaboration category, add "webex.com" to a custom category with the Allow Access disposition.
  10. It may take up to several minutes for your changes to propagate to all data centers. After a few minutes, test to confirm you can initiate a session.
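
The entry rules for the Apply to Destinations box in step 7, as an added example that is not Forcepoint code: a Python pre-check that classifies each pasted line as the article describes and lists which hosts a wildcard line would exempt from authentication. The function names, the acceptance of https://, and glob-style matching for the asterisk are assumptions.

```python
from fnmatch import fnmatchcase

# The article shows http://; accepting https:// as well is an assumption.
SCHEMES = ("http://", "https://")

# Constructed sample of text pasted into "Apply to Destinations".
SAMPLE = """*.webex.com
*.webex.com:443
http://www.google.com/
http://www.google.com
mydomain.com/
*.webex.com *.webex.com:443"""


def classify(entry):
    """Return (kind, problem) for one line, following the article's rules."""
    e = entry.strip()
    if not e:
        return ("empty", "blank line")
    if any(c.isspace() for c in e):
        return ("invalid", "more than one entry on the line")
    has_scheme = e.lower().startswith(SCHEMES)
    has_slash = e.endswith("/")
    if has_scheme and has_slash:
        return ("url", None)
    if has_slash:
        return ("invalid", "read as a domain, and a domain cannot end with /")
    if has_scheme:
        return ("domain", "no trailing /, so read as a domain rather than a URL")
    return ("domain", None)


def lint(text):
    """Classify every pasted line; returns a list of (line, kind, problem)."""
    return [(line, *classify(line)) for line in text.splitlines()]


def exempted(entry, hosts):
    """Hosts ('host' or 'host:port') that a domain entry would cover.
    Assumption: '*' matches any run of characters, case-insensitively."""
    pattern = entry.strip().lower()
    return [h for h in hosts if fnmatchcase(h.lower(), pattern)]


if __name__ == "__main__":
    for line, kind, problem in lint(SAMPLE):
        print(f"{kind:8} {line!r} {problem or ''}")
    # Constructed host names, to review how wide a wildcard line reaches.
    print(exempted("*.webex.com", ["meet.webex.com", "webex.com", "webex.com.example.net"]))
```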

 
To use a logon prompt instead of the welcome page, do the following:

  • Repeat the steps above with one exception. In step six above, for the Authentication drop-down box, select Basic.





Keywords: cloud portal; authentication bypass; auth bypass; webex; gotoassist; gotomeeting
