Solved

Firewall blocks liove update for Symantec endpoint protection client

Posted on 2010-11-09
15
1,895 Views
Last Modified: 2013-11-16
Hi Experts

I have a Watchguard 550e that don't allow SEP Live updates to go throught.
HTTP Proxy is activated, how can I create a roule to allow Live update throught the firewall?

I have been able to do a update when I dissable the HTTP Proxy roules but thats not an option to do every day to get new updates.

Regards

Gerth
0
Comment
Question by:Gerth
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
  • +1
15 Comments
 
LVL 7

Expert Comment

by:willbaclimon
ID: 34095212
I believe it use's these ports

TCP:

139
445
2967
80
8014
8005
8443
9090
8443
1433
Ephemeral
UDP:

137
138

Here's some more info

http://internetforce.org/iforce/index.php?/topic/2-troubleshooting-liveupdate-issues-with-symantec-endpoint-protection/
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34098896
You can create an exception in HTTP proxy service to be able to get updates; please look at link below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1219/kw/HTTP%20proxy%20exception

Please note the link talks about windows update; but the process would be similar.

Please implement and update.

Thank you.
0
 

Author Comment

by:Gerth
ID: 34099668
Hi All

I have been able to find a solution to this problem.
It seems like adding the HTTP rule "Application/zip" to "Allow only safe content types" in the firewall will do.

Is this a safe approach to this issue?

dpk wal: thanks for the advice, but this is a simpler firewall , WatchGuard 550e, thats not handled through WSM, it only have an webinterface for configuration and I can't find anything reassembling the pictures in the article in the configuration interface.
conf-change.jpg
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 
LVL 32

Accepted Solution

by:
dpk_wal earned 125 total points
ID: 34100748
With 550e you have option to use web interface or management software; the link was based on management software. If you have 55e instead then yes with version lower than 11.x you only have option of web UI.

In the above screen; if you go to HTTP Settings tab; can you check if you have HTTP proxy exceptions.

If no, then what you did is the correct solution; only backdrop is this action would allow these content types for all HTTP traffic; so you can create another HTTP proxy service and then allow above content types only for Symantix updates as below:
Outgoing; Enabled and allowed; from trusted; to all-comma-separated-public-ip-of-semantic-site

Thank you.
0
 
LVL 6

Assisted Solution

by:Jon Snyderman
Jon Snyderman earned 125 total points
ID: 34100897
As dpk_wal indicated, the proxy exceptions would be the right way to go on this.  The URLs that need to be listed are:
liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com

This assumes that we can trust Symantec.  I think thats a pretty safe bet.

~Jon
0
 

Author Comment

by:Gerth
ID: 34101133
Hi

Confession - i have misslead you the firewall is a Watchguard x55e and not a x550e as i wrote earlier.
The firewall version is 10.1
Is it possible to make HTTP exeptions on that model ?

Very sorry for the typo on the model.

//Gerth
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34101180
I was wondering about your "no WSM" comment.  That explains it.  No issue.   Yes, version 10 on the older edge does support the proxy exceptions and that would still be the best way to resolve the problem in my opinion.

~Jon
0
 

Author Comment

by:Gerth
ID: 34101247
Hi jsnyderman

Thanks for the advice, i found the "HTTP Proxy" exeption in the web interface now an have added the URL:s given by you.

The exeptions was on another "tab" in the user interface and "off screen" so when I clicked around and scrolled each window to the bottom did I find it, had not seen it before.
Have asked my user on the remote site to verify the solution.

I will come back with the results.

//Gerth
0
 

Author Comment

by:Gerth
ID: 34101660
Hi all

User have verified that this solution works.
Thanks for promt and helpfull explanations.

//Gerth
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34108601
Comment accepted as answer has reference to an earlier comment of mine; so my comment should have been awarded some points. A point split would be appropriate IMO.

I have raised a question for moderators to have a look.

Thank you.
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34108628
Note that I agree with dpk_wal.  His original recommendation was accurate.  I just added more specifics and direction to the response.  Please feel free to split points.

~Jon
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34108636
Thank you, Jon!
0
 

Author Comment

by:Gerth
ID: 34110084
Hi all and especially dpk_wal

I appoligize for missing to split the points, I'm quite new to EE and have not really learned the roules in here. Looking at your statement and reading throught the original post gives that the solution was there too.

I was just so greateful that the problem was solved so i didn't reflect over all post in this thread.

Will be more accurate in awarding points in the future - the help, and speed, from the community users is awsome and credit to the one(s) that deserve it.

//Gerth
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34110159
Hi Gerth,

Not a problem; welcome to EE! :) ;)
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question