Inhalt x
    TLS Inspection
    • 15 Aug 2025
    • 1 Minute zum Lesen
    • Drucken
    • Dunkel
      Licht
    • pdf
    Inhalt

    TLS Inspection

    • Aktualisiert am 15 Aug 2025
    • 1 Minute zum Lesen
    • Drucken
    • Dunkel
      Licht
    • pdf
    The content is currently unavailable in German. You are viewing the default English version.
    Artikel-Zusammenfassung

    TLS/SSL Inspection

    Introduction

    This article explains how TLS/SSL inspection affects ScreenMeet Remote Support and how to configure exceptions to ensure reliable and secure operation.

    Impact of TLS/SSL inspection

    • Certificate pinning triggers a “not secure” warning when traffic is inspected, even in trusted corporate environments.

    • Beam (unattended) will not connect when TLS inspection is enabled. This is by design for connection security.

    • Attended sessions may operate but can present false‑positive security warnings and degraded experience.

    Recommended configuration

    Bypass TLS/SSL inspection for ScreenMeet services.

    • Add an exception for all traffic to and from *.screenmeet.com.

    • Apply to port 443 over TCP and UDP where applicable.

    • Confirm policy precedence so the bypass is evaluated before generic decrypt rules.

    Beam connectivity

    Beam (unattended) connections will fail if TLS inspection is active. Implement the bypass before testing Beam.

    Warning example shown to users

    Typical message

    “The connection to the support server may not be secure because of an SSL certificate mismatch. Certificate Issuer: CN=[Your Organization’s Root CA]. Are you sure you wish to continue?”

    Common tools that perform TLS/SSL inspection

    Product

    Reference

    Zscaler Internet Access

    Configuring SSL Inspection Policy

    Blue Coat ProxySG

    See vendor documentation

    Cisco Umbrella

    Enable SSL Decryption

    Palo Alto Networks NGFW

    Configure SSL Inspection

    Fortinet FortiGate

    Certificates Administration

    Action items

    1. Add decrypt bypass for *.screenmeet.com in your inspection tool.

    2. Communicate the requirement to network and security teams.

    3. Retest attended and unattended sessions after policy changes.

    Verification

    1. Start an attended session and confirm no certificate or “not secure” warnings appear.

    2. Start a Beam (unattended) session and confirm it connects successfully.

    3. Inspect logs on the inspection device to ensure traffic to *.screenmeet.com is exempt from decryption.

    Additional notes

    • Basic functionality may work under inspection, but bypass is recommended to avoid warnings and ensure full feature compatibility.

    • If you must temporarily run under inspection, advise agents and users about expected warnings.

    References

    Conclusion

    Exclude ScreenMeet domains from TLS/SSL inspection to remove false warnings, enable Beam, and ensure full feature support.

    War dieser Artikel hilfreich?
    What's Next
    ESC

    Eddy AI, die die Wissensentdeckung durch Konversationsintelligenz erleichtert