Gerth
asked on
Firewall blocks liove update for Symantec endpoint protection client
Hi Experts
I have a Watchguard 550e that don't allow SEP Live updates to go throught.
HTTP Proxy is activated, how can I create a roule to allow Live update throught the firewall?
I have been able to do a update when I dissable the HTTP Proxy roules but thats not an option to do every day to get new updates.
Regards
Gerth
I have a Watchguard 550e that don't allow SEP Live updates to go throught.
HTTP Proxy is activated, how can I create a roule to allow Live update throught the firewall?
I have been able to do a update when I dissable the HTTP Proxy roules but thats not an option to do every day to get new updates.
Regards
Gerth
You can create an exception in HTTP proxy service to be able to get updates; please look at link below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1219/kw/HTTP%20proxy%20exception
Please note the link talks about windows update; but the process would be similar.
Please implement and update.
Thank you.
http://watchguard.custhelp.com/app/answers/detail/a_id/1219/kw/HTTP%20proxy%20exception
Please note the link talks about windows update; but the process would be similar.
Please implement and update.
Thank you.
ASKER
Hi All
I have been able to find a solution to this problem.
It seems like adding the HTTP rule "Application/zip" to "Allow only safe content types" in the firewall will do.
Is this a safe approach to this issue?
dpk wal: thanks for the advice, but this is a simpler firewall , WatchGuard 550e, thats not handled through WSM, it only have an webinterface for configuration and I can't find anything reassembling the pictures in the article in the configuration interface.
conf-change.jpg
I have been able to find a solution to this problem.
It seems like adding the HTTP rule "Application/zip" to "Allow only safe content types" in the firewall will do.
Is this a safe approach to this issue?
dpk wal: thanks for the advice, but this is a simpler firewall , WatchGuard 550e, thats not handled through WSM, it only have an webinterface for configuration and I can't find anything reassembling the pictures in the article in the configuration interface.
conf-change.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi
Confession - i have misslead you the firewall is a Watchguard x55e and not a x550e as i wrote earlier.
The firewall version is 10.1
Is it possible to make HTTP exeptions on that model ?
Very sorry for the typo on the model.
//Gerth
Confession - i have misslead you the firewall is a Watchguard x55e and not a x550e as i wrote earlier.
The firewall version is 10.1
Is it possible to make HTTP exeptions on that model ?
Very sorry for the typo on the model.
//Gerth
I was wondering about your "no WSM" comment. That explains it. No issue. Yes, version 10 on the older edge does support the proxy exceptions and that would still be the best way to resolve the problem in my opinion.
~Jon
~Jon
ASKER
Hi jsnyderman
Thanks for the advice, i found the "HTTP Proxy" exeption in the web interface now an have added the URL:s given by you.
The exeptions was on another "tab" in the user interface and "off screen" so when I clicked around and scrolled each window to the bottom did I find it, had not seen it before.
Have asked my user on the remote site to verify the solution.
I will come back with the results.
//Gerth
Thanks for the advice, i found the "HTTP Proxy" exeption in the web interface now an have added the URL:s given by you.
The exeptions was on another "tab" in the user interface and "off screen" so when I clicked around and scrolled each window to the bottom did I find it, had not seen it before.
Have asked my user on the remote site to verify the solution.
I will come back with the results.
//Gerth
ASKER
Hi all
User have verified that this solution works.
Thanks for promt and helpfull explanations.
//Gerth
User have verified that this solution works.
Thanks for promt and helpfull explanations.
//Gerth
Comment accepted as answer has reference to an earlier comment of mine; so my comment should have been awarded some points. A point split would be appropriate IMO.
I have raised a question for moderators to have a look.
Thank you.
I have raised a question for moderators to have a look.
Thank you.
Note that I agree with dpk_wal. His original recommendation was accurate. I just added more specifics and direction to the response. Please feel free to split points.
~Jon
~Jon
Thank you, Jon!
ASKER
Hi all and especially dpk_wal
I appoligize for missing to split the points, I'm quite new to EE and have not really learned the roules in here. Looking at your statement and reading throught the original post gives that the solution was there too.
I was just so greateful that the problem was solved so i didn't reflect over all post in this thread.
Will be more accurate in awarding points in the future - the help, and speed, from the community users is awsome and credit to the one(s) that deserve it.
//Gerth
I appoligize for missing to split the points, I'm quite new to EE and have not really learned the roules in here. Looking at your statement and reading throught the original post gives that the solution was there too.
I was just so greateful that the problem was solved so i didn't reflect over all post in this thread.
Will be more accurate in awarding points in the future - the help, and speed, from the community users is awsome and credit to the one(s) that deserve it.
//Gerth
Hi Gerth,
Not a problem; welcome to EE! :) ;)
Not a problem; welcome to EE! :) ;)
TCP:
139
445
2967
80
8014
8005
8443
9090
8443
1433
Ephemeral
UDP:
137
138
Here's some more info
http://internetforce.org/iforce/index.php?/topic/2-troubleshooting-liveupdate-issues-with-symantec-endpoint-protection/