dcadler

Symantec LiveUpdate blocked by ISA2004

I have an SBS2003 SP2 Premium install with ISA2004 that is running Symantec Endpoint Protection v11.0.4. My LiveUpdates have stopped working. When I monitor ISA2004 for denied connections, I see requests from Symantec servers denied with unidentified IP traffic.

I am not sure what has changed. This was working.

Anyone have any ideas?

dcadler

ASKER

I set up the domain and rule with no luck. I have another server that is still using ISA2000. It is running the same version of Symantec and it updates just fine. I have the proxy parameters set the same, relative to the site specifics.

Dave

Since ISA is saying unidentified IP traffic, can you change the rule to allow all outbound protocols and try again? I would also like to see the ISA logs for these attempts.
dcadler

ASKER

Raj-GT, I opened up the rule to allow all outbound protocols and running LiveUpdate from within SEPM still failed.

I believe now that the issue is not ISA2004 because...

From the SBS 2003 Server I was able to browse to http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce and download the most recent SEPM .jdb file

From the SBS 2003 Server, I was able to point my browser at ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/jdb/ and also download the latest SEPM .jdb file.

I was able to do this with and without the specific Symantec firewall access rule enabled.

I am pointing the proxy to the LAN IP of the SBS2003 server and referencing ports 8080 for HTTP and 21 for FTP. This is similar to what I have configured for another client who is running SBS2003 with ISA2000.

To me, this seems to be an issue with Symantec, in SEPM rather than ISA.

Dave

On your SEPM server, check the LiveUpdate log file:

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate

Does it give any errors in here?

Do you have SEP Firewall installed? In version MR4 MP1 there are known issues with the Network Access Control component. That version was pulled from distribution just after release (not acknowledged by Symantec to the general public though =p).

Try MR4 MP1a from file.connect (if you have a support agreement).

When you launch the browser and access the update url, the browser will pass your credentials to ISA; this may not be the case with an autoupdate process. The rule should allow "All outbound protocols" to "All Users" and not "All Authenticated Users"; can you confirm this?
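
An added example, not part of the original thread: a probe that sends one GET through a web proxy with no credentials, the way an unattended updater would, and reports whether the proxy answers or demands authentication. It assumes the proxy signals that demand with HTTP 407; `StubProxy`, `run_demo` and the `updates.example.invalid` URL are constructed so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_proxy(proxy_host, proxy_port, url, timeout=5):
    """GET `url` via the proxy with no Proxy-Authorization header.
    Returns (status, schemes offered in Proxy-Authenticate)."""
    conn = http.client.HTTPConnection(proxy_host, proxy_port, timeout=timeout)
    try:
        # A proxied request carries the absolute URL in the request line.
        conn.request("GET", url, headers={"User-Agent": "anon-proxy-probe"})
        resp = conn.getresponse()
        resp.read()
        offers = resp.headers.get_all("Proxy-Authenticate") or []
        return resp.status, [o.split()[0] for o in offers]
    finally:
        conn.close()

def diagnose(status):
    if status == 407:
        return "proxy requires authentication: anonymous updaters are denied"
    if 200 <= status < 400:
        return "anonymous request allowed"
    return "request failed for another reason (status %d)" % status

class StubProxy(BaseHTTPRequestHandler):
    """Constructed stand-in: require_auth mimics an authenticated-users-only rule."""
    require_auth = True

    def do_GET(self):
        denied = self.require_auth and "Proxy-Authorization" not in self.headers
        self.send_response(407 if denied else 200)
        if denied:
            self.send_header("Proxy-Authenticate", "NTLM")
            self.send_header("Proxy-Authenticate", 'Basic realm="stub"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo(require_auth):
    """Start the stub on a free local port, probe it once, shut it down."""
    handler = type("Handler", (StubProxy,), {"require_auth": require_auth})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe_proxy("127.0.0.1", srv.server_address[1],
                           "http://updates.example.invalid/test")
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real proxy, call `probe_proxy` with the proxy's LAN IP and HTTP port (8080 in this thread) and pass the status to `diagnose`.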