Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Anyone know how to make exceptions for Splashtop?

Hello, 

At work I have a situation that Sophos Support has been unable to resolve.

We use Addigy as our RMM for Apple devices, to have remote connections it uses Splashtop.

We have not able able to add sufficient exceptions or maybe I am doing it in the wrong place or incorrectly. Unless I turn off decryption under

Rules>TLS/SSL Decryption> we are not able to use Splashtop. 

Anyone else use Splashtop and know what exceptions I need to setup and where?



This thread was automatically locked due to age.
  • Hi,

    is it an Apple site, if so you will need to disable https scanning?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello ,

    Thank you for reaching out to the community, ensure Port 443 is open from the upstream appliances/devices if any including ssl and non-ssl traffic.
    You can create an exception list for Splashtop: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Exceptions/index.html
    =================================================================================
    Below is the list of 
    Splashtop except on list:

    ^([A-Za-z0-9.-]*\.)?api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?relay\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?update-g3\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?update\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?sn\.splashtop\.comst-v3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-v3-g3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-v3-src\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-v3-src-g3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-relay-v3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-relay-v3-g3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-lookup-v1\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-lookup-v1-g3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-premium-v3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-premium-v3-g3\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-v3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-v3-g3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-v3-src\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-v3-src-g3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-relay-v3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-relay-v3-g3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-premium-v3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-premium-v3-g3\.api\.splashtop\.eu/
    ^([A-Za-z0-9.-]*\.)?st-lookup-v1\.api\.splashtop\.com/
    ^([A-Za-z0-9.-]*\.)?st-lookup-v1-g3\.api\.splashtop\.com/
    ==============================================================================
    Add those above urls under the URL Pattern matches one by one and ensure Skip the selected checks or actions as show in the screenshot below:

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hello there,

    Thank you for the information, i believe some of those I did not have before in my exception. 

    I am still not able to use Splashtop while SSL is enabled. 

    Still need a way to disable SSL for Splashtop

    Any other suggestions?

  • Hi,

    have you disabled audio and video scanning in web extras?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • i believe some of those I did not have before in my exception. 

    Splashtop uses “Web Socket Protocol” which is currently not supported with SF OS.

    Due to this reason with HTTPS scanning Splashtop may not work behind the XG and as in work-around, you need to add the Splashtop Web URL in bypass via FQDN based rule or with web exception rule with separate category guided by  Vivek Jagad 

    Results before and after exceptions added 

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • That website has always been green checkmark for us

    https://www.splashtop.com/check

    It's unreliable. Our remote desktop using splashstop does not work even if it is displaying all green. We must leave the network and then it works immediately.  

    I have not disabled this. Where would this be under? I do see audio and video under Web>File Types

    BUt I do not believe this is what you are referring to.

  • Hi Christian,

    please see below.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you!

    You must be on a different subscriptions or higher end firewall. We do not have that option or we have not enabled the necessary dependencies. 

  • Yes, you do, it is in the advanced settings which I have shown expanded.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.