No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Access Through Bluecoat Proxy running DLP

This question is answered

When running Outlook or Lync client through a Bluecoat proxy that is running DLP, the clients drop the connection. Suspect clients think this is a MITM attack since the DLP is swapping SSL certs to do the encryption so that it can play big brother. Anyone else having the same issue?

Verified Answer
  • Additionally, with Bluecoats, you may need to allow the executable through the BC Proxy along with the URLs. I know in BPOS v1, to get the sign in client to work, you had to allow signin.exe to pass through the proxy as well.

    This is worth looking at in your instance as well, Tom.

    - Richard Rodgers

All Replies
  • What is the exact error (or, reason for dropping the connection) that the Bluecoat proxy is giving?

  • They have to open up access to the services that DirSync, Lync, Outlook and the old Sign In Client (SIC) talk to:

    locationservice.microsoftonline.com

    provisioning.noam.microsoftonline.com

    This has been pretty well documented in the past, I think my original post on this was Fall of 2008 and specific to Bluecoat, Spring 2009.

  • For Lync:

    1.) Please run Data Collection and Network Diagnostics in MOSDAL

    2.) Ensure the following protocols and ports are open by reviewing the Network_Diagnostics\PortQry folder from the MOSDAL results.

    | Port | Protocol | Notes |
    |---|---|---|
    | 5060 | TCP (SIP) | Used by Microsoft Lync 2010 for SIP communications internally. |
    | 5061 | TCP (SIP) | Used by Microsoft Lync 2010 for SIP communications internally and for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall. |
    | 443 | TCP (HTTP) | Used by Microsoft Lync 2010 clients connecting from outside the intranet for SIP communications. |
    | 1024-65535 | UDP/TCP | Port range used for inbound and outbound media transfer through the external firewall. |
    | 6891-6901 | TCP | Port range used by Microsoft Lync 2010 for file transfer. |
