We have several systems on our network that utilize a hosted service to check gift card balances, etc. These devices normally use a custom TCP port to access the hosted server without issue.
However, occasionally these devices attempt to verify the hosted provider's server certificate and hit TCP 80 (which we redirect to our IronPort) by sending a request to Verisign's CRL servers. This causes the IronPort to force an authentication requirement and causes the devices to fail.
Has anyone come up with a strategy to deal with this? There are too many addresses within Verisign's CRL server list to add manually (and querying the A records isn't possible).
I've tried manually bypassing auth for the following, but it still fails half the time (until the terminal attempts to connect to one of the allowed systems).