Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Watchguard Firebox Edge and how to configure it to allow Microsoft Windows Updates

Posted on 2008-06-11
11
Medium Priority
?
1,161 Views
Last Modified: 2010-04-21
Can't get Microsoft Windows Updates to pass through my Firebox Edge.  Thoughts?

Here's an error message that I see frequently on the log:
deny in eth0 40 tcp 20 255 64.4.21.61 xx.xxx.xx.xx 80 38532 ack rst (Non-est TCP)
0
Comment
Question by:atroutcatcher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21766010
Have you enabled HTTP proxy on Edge; if yes, then you can create a service to allow connection from internal network to the the microsoft update server (all of them, public IP address); sometimes the proxy might prevent traffic.

The log you have posted indicates that the packet has come from internet when the session is not established.

Can you provide some details if you have proxy enabled or not.

Thank you.
0
 
LVL 1

Author Comment

by:atroutcatcher
ID: 21766170
Hi and thank you.

The HTTP proxy IS enabled on the Edge.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21768456
Would it be possible for you to disable HTTP proxy or create custom service to allow traffic to Microsoft update servers?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 1

Author Comment

by:atroutcatcher
ID: 21769517
I will gladly try it.  Do you have the specifics on what to setup?  

The Windows Update servers seem to constantly rotate and/or change.

Please advise about how to configure for the services to work.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 21770882
From the navigation bar, select Firewall > Outgoing; Edit HTTP. From the Edit Policies page, select the Outgoing tab; set Incoming Filter drop-down list to Allow; in From leave it to Any; in the To field add all the microsoft server public IP addresses one by one; click Submit.

This service would have precedence over the HTTP proxy for outbound traffic to microsoft update servers.

Please implement and update.

Thank you.
0
 
LVL 1

Author Comment

by:atroutcatcher
ID: 21837611
Update:

I've been adding IP addresses as you suggest, but the IP addresses change EVERY time I attempt the download of an update.  Thus, this scheme could take months to finish.  Is this correct?

Also, is there a list of the public Microsoft servers somewhere?  Or is this information protected?

Maybe this system is not the one I should be using?  Not only are Windows Updates not coming through, but the Adobe players won't download either.

Thanks for your help.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 21839835
Yes it can take long to add each and every IP address; but if you have a single machine which should download all the download and then distribute it to all the internal server; then we can open all the traffic for this server only; configure service as below instead:
From ip-address-of-internal-server; To ANY

please note for the above machine there would be no filtering at all.

Please see if this help you.

Thank you.
0
 
LVL 1

Author Comment

by:atroutcatcher
ID: 22037230
Update - still working on this.  Still haven't been able to get the flow of information to work properly and/or consistently.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22037535
I am sorry, I know the solution is not the most elegant one; but this is all what we can do.
0
 
LVL 1

Author Closing Comment

by:atroutcatcher
ID: 31466350
Thanks.  Lengthy process but it appears to be working.  Best regards.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22178051
Happy I could be assistance! :)
0

Featured Post

Enhanced Intelligibility Without Cable Clutter

Challenge: The ESA office in Brussels wanted a reliable audio conference system for video conferences. Their requirement - No participant must be left out from the conference and the audio quality must not be compromised.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Monitor input from a computer is usually nothing special.  In this instance it prevented anyone from using the computer.  This was a preconfiguration that didn't work.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question