Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spotify and "Decrypt & Scan HTTPS"

Hi.

When I use Decrypt & Scan HTTPS in my firewall, spotify web site (I did not try the app) stops playing.

I cannot find a workarround how to exclude those to allow the play.

I can reach the site, I can logon, but play won't work.

The logs show all "green".

I did install the certificate in the workstation (no alerts when I use https)

Thanks,



This thread was automatically locked due to age.
Parents
  • Hi ,

    You could try to create a FQDN host for Spotify and use wildcard * > *.spotify.com to resolve all subdomains.

    Tried for two minutes and these are the results after connection established with website and webplayer :

    FQDN IP Address
    pixel-static.spotify.com 104.199.64.136
    gew-dealer-ssl.spotify.com 35.186.224.45
    gew-dealer.spotify.com 35.186.224.45
    apresolve.spotify.com 104.199.64.136
    api.spotify.com 35.186.224.53
    open.spotify.com 104.199.64.136
    global-dealer-ssl.spotify.com 35.186.224.47
    pixel.spotify.com 104.199.64.136
    gew-spclient.spotify.com 35.186.224.53
    weblb-wg.dual-gslb.spotify.com 104.199.64.136
    wg.spotify.com 35.186.224.53
    spclient.wg.spotify.com 35.186.224.53
    dealer.spotify.com 35.186.224.47

    From there you could try to figure out how to get on..........well the answer is : create an web exception ''spotify.com'' and exclude these :

    HTTPS Decryption
    Malware and Content Scanning
    Sandstorm
    Policy Checks
     
    Create a new rule on top for Spotify and use the Spotify FQDN host to connect to ( all subdomains are resolved automatically ) , and of course do not check Scan and Decrypt HTTPS
     
    Then Spotify webplayer works > 
Reply
  • Hi ,

    You could try to create a FQDN host for Spotify and use wildcard * > *.spotify.com to resolve all subdomains.

    Tried for two minutes and these are the results after connection established with website and webplayer :

    FQDN IP Address
    pixel-static.spotify.com 104.199.64.136
    gew-dealer-ssl.spotify.com 35.186.224.45
    gew-dealer.spotify.com 35.186.224.45
    apresolve.spotify.com 104.199.64.136
    api.spotify.com 35.186.224.53
    open.spotify.com 104.199.64.136
    global-dealer-ssl.spotify.com 35.186.224.47
    pixel.spotify.com 104.199.64.136
    gew-spclient.spotify.com 35.186.224.53
    weblb-wg.dual-gslb.spotify.com 104.199.64.136
    wg.spotify.com 35.186.224.53
    spclient.wg.spotify.com 35.186.224.53
    dealer.spotify.com 35.186.224.47

    From there you could try to figure out how to get on..........well the answer is : create an web exception ''spotify.com'' and exclude these :

    HTTPS Decryption
    Malware and Content Scanning
    Sandstorm
    Policy Checks
     
    Create a new rule on top for Spotify and use the Spotify FQDN host to connect to ( all subdomains are resolved automatically ) , and of course do not check Scan and Decrypt HTTPS
     
    Then Spotify webplayer works > 
Children
No Data