Has anyone had experience with whitelisting Adobe Creative Cloud using a Cisco WSA (S300V)? I have been working with TAC all day and we are not making any progress.
If a user is behind the proxy, adobe no loady nothin, not even a proxy block page (every other website loads fine). If I take the proxy off, then yay everything is happy and adobe loads great.
If I look in the firewall, I can see connections from us to adobe being allowed. I can see these connections being allowed regardless if someone is behind the proxy or not. If they are behind the proxy, I just see the proxy IP and a bunch of allowed statements for adobe.
In the WSA we have made a specific adobe group for a custom URL bypass, and I put in EVERY imaginable adobe website in there. There is a full list on adobe.com and I put every.single.one. of them in there. The Cisco TAC person also put this policy in a nodecrypt policy apparently. Still no luck.
This is becoming my new nightmare as we just recently moved ALL of our adobe products to the cloud subscription service. People are excited for this change let me tell you.
Edit: TAC Just got back to me again, and is saying:
Adobe Creative Cloud desktop application is using HTTP Range headers for download. By default range request header is not forwarded from WSA appliance to destination server, and this could be why the requests are failing. To work around this problem, please enable WSA to handle HTTP range requests.
No comments:
Post a Comment