When configuring the Sophos Web Appliances in Transparent Mode, you have to make sure that you exclude the IP Subnet’s for Citrix’s GoToMeeting, GoToAssist, GoToWebinar, GoToPC, and future project deployments involving their servers. Here is the site to find those blocks of subnets:
http://www.citrixonline.com/iprange
If you look at my other post on configuring WCCP and the ASA, you can see how the config below is working. You have to DENY those Citrix IP Blocks FIRST, then do you’re PERMITS. This will basically tell the ASA to not send those IP Blocks to the Sophos Web Appliance. This is where you can also exclude users, hosts, servers from using the Sophos Web Appliance.
access-list wccp_proxy_hosts extended deny ip any 216.115.208.0 255.255.240.0 access-list wccp_proxy_hosts extended deny ip any 216.219.112.0 255.255.240.0 access-list wccp_proxy_hosts extended deny ip any 66.151.158.0 255.255.255.0 access-list wccp_proxy_hosts extended deny ip any 66.151.150.160 255.255.255.224 access-list wccp_proxy_hosts extended deny ip any 66.151.115.128 255.255.255.192 access-list wccp_proxy_hosts extended deny ip any 64.74.80.0 255.255.255.0 access-list wccp_proxy_hosts extended deny ip any 202.173.24.0 255.255.248.0 access-list wccp_proxy_hosts extended deny ip any 67.217.64.0 255.255.224.0 access-list wccp_proxy_hosts extended deny ip any 78.108.112.0 255.255.240.0 access-list wccp_proxy_hosts extended deny ip any 68.64.0.0 255.255.224.0 access-list wccp_proxy_hosts extended deny ip any 206.183.100.0 255.255.252.0 access-list wccp_proxy_hosts extended deny ip any 173.199.0.0 255.255.192.0 access-list wccp_proxy_hosts extended permit ip 10.200.10.0 255.255.255.0 any access-list wccp_proxy_hosts extended permit ip 10.200.15.0 255.255.255.0 any access-list wccp_proxy_hosts extended permit ip 10.200.71.0 255.255.255.0 any access-list wccp_proxy_hosts extended permit ip 10.200.100.0 255.255.255.0 any access-list wccp_proxy_hosts extended permit ip 10.200.200.0 255.255.255.0 any