Solved

Firewall blocks live update for Symantec endpoint protection client

Posted on 2010-11-09
Last Modified: 2013-11-16
Hi Experts

I have a Watchguard 550e that doesn't allow SEP Live updates to go through.
HTTP Proxy is activated; how can I create a rule to allow Live update through the firewall?

I have been able to do an update when I disable the HTTP Proxy rules, but that's not an option to do every day to get new updates.

Regards

Gerth
Question by:Gerth
15 Comments
 
LVL 7

Expert Comment

by:willbaclimon
ID: 34095212
I believe it uses these ports

TCP:

139
445
2967
80
8014
8005
8443
9090
8443
1433
Ephemeral
UDP:

137
138

Here's some more info

http://internetforce.org/iforce/index.php?/topic/2-troubleshooting-liveupdate-issues-with-symantec-endpoint-protection/
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34098896
You can create an exception in HTTP proxy service to be able to get updates; please look at link below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1219/kw/HTTP%20proxy%20exception

Please note the link talks about Windows Update, but the process would be similar.

Please implement and update.

Thank you.
0
 

Author Comment

by:Gerth
ID: 34099668
Hi All

I have been able to find a solution to this problem.
It seems like adding the HTTP rule "Application/zip" to "Allow only safe content types" in the firewall will do.

Is this a safe approach to this issue?

dpk_wal: thanks for the advice, but this is a simpler firewall, WatchGuard 550e, that's not handled through WSM; it only has a web interface for configuration and I can't find anything resembling the pictures in the article in the configuration interface.
conf-change.jpg
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 34100748
With 550e you have the option to use the web interface or management software; the link was based on management software. If you have 55e instead then yes, with version lower than 11.x you only have the option of web UI.

In the above screen, if you go to the HTTP Settings tab, can you check if you have HTTP proxy exceptions?

If not, then what you did is the correct solution; the only drawback is that this action would allow these content types for all HTTP traffic, so you can create another HTTP proxy service and then allow the above content types only for Symantec updates as below:
Outgoing; Enabled and allowed; from trusted; to all-comma-separated-public-ip-of-symantec-site

Thank you.
0
 
LVL 6

Assisted Solution

by:Jon Snyderman
Jon Snyderman earned 500 total points
ID: 34100897
As dpk_wal indicated, the proxy exceptions would be the right way to go on this.  The URLs that need to be listed are:
liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com

This assumes that we can trust Symantec.  I think that's a pretty safe bet.

~Jon
0
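The difference between the two fixes discussed in the answers above (adding application/zip to the safe content types for all HTTP traffic versus proxy exceptions for the three Symantec hostnames), as an added example that is not part of the original thread and not WatchGuard code. The baseline content types, the `example.*` hosts and the rule that an exception host bypasses content-type filtering are assumptions of this model.

```python
# Added illustration, not WatchGuard code: a simplified model of the two fixes.
# Assumption: a proxy exception lets a host bypass content-type filtering.

# Constructed baseline of "safe" content types (hypothetical values).
SAFE_TYPES = {"text/html", "text/plain", "image/gif", "image/jpeg"}

# Hostnames listed in the answer above.
LIVEUPDATE_HOSTS = {
    "liveupdate.symantecliveupdate.com",
    "liveupdate.symantec.com",
    "update.symantec.com",
}

def normalize_host(host_header):
    """Lower-case the Host value and drop any port and trailing dot."""
    host = host_header.strip().lower().rsplit(":", 1)[0]
    return host.rstrip(".")

def allowed(host_header, content_type, safe_types, exceptions=frozenset()):
    """Return True if the modelled proxy would pass this response."""
    if normalize_host(host_header) in exceptions:  # exact match, no suffix match
        return True
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type in safe_types

def compare(responses):
    """Evaluate each (host, content_type) pair under both fixes.

    Returns (host, global_fix_result, scoped_fix_result) tuples.
    """
    global_types = SAFE_TYPES | {"application/zip"}  # fix 1: all HTTP traffic
    return [
        (host,
         allowed(host, ctype, global_types),
         allowed(host, ctype, SAFE_TYPES, LIVEUPDATE_HOSTS))  # fix 2: per host
        for host, ctype in responses
    ]

# Constructed sample responses (example.* hosts are placeholders).
SAMPLE = [
    ("liveupdate.symantec.com", "application/zip"),
    ("LiveUpdate.SymantecLiveUpdate.com:80", "application/zip"),
    ("downloads.example.net", "application/zip"),
    ("liveupdate.symantec.com.example.net", "application/zip"),
    ("www.example.org", "text/html; charset=utf-8"),
]

if __name__ == "__main__":
    for host, global_ok, scoped_ok in compare(SAMPLE):
        print(f"{host:40} global={global_ok!s:5} scoped={scoped_ok}")
```

In this model the global content-type change passes zip downloads from every host, including the look-alike name, while the host exceptions pass them only from the three listed names.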
 

Author Comment

by:Gerth
ID: 34101133
Hi

Confession - I have misled you: the firewall is a Watchguard x55e and not a x550e as I wrote earlier.
The firewall version is 10.1.
Is it possible to make HTTP exceptions on that model?

Very sorry for the typo on the model.

//Gerth
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34101180
I was wondering about your "no WSM" comment.  That explains it.  No issue.   Yes, version 10 on the older edge does support the proxy exceptions and that would still be the best way to resolve the problem in my opinion.

~Jon
0
 

Author Comment

by:Gerth
ID: 34101247
Hi jsnyderman

Thanks for the advice, I found the "HTTP Proxy" exception in the web interface now and have added the URLs given by you.

The exceptions were on another "tab" in the user interface and "off screen", so only when I clicked around and scrolled each window to the bottom did I find them; I had not seen them before.
I have asked my user on the remote site to verify the solution.

I will come back with the results.

//Gerth
0
 

Author Comment

by:Gerth
ID: 34101660
Hi all

The user has verified that this solution works.
Thanks for the prompt and helpful explanations.

//Gerth
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34108601
Comment accepted as answer has reference to an earlier comment of mine; so my comment should have been awarded some points. A point split would be appropriate IMO.

I have raised a question for moderators to have a look.

Thank you.
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34108628
Note that I agree with dpk_wal.  His original recommendation was accurate.  I just added more specifics and direction to the response.  Please feel free to split points.

~Jon
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34108636
Thank you, Jon!
0
 

Author Comment

by:Gerth
ID: 34110084
Hi all and especially dpk_wal

I apologize for missing to split the points; I'm quite new to EE and have not really learned the rules in here. Looking at your statement and reading through the original post shows that the solution was there too.

I was just so grateful that the problem was solved that I didn't reflect over all the posts in this thread.

I will be more accurate in awarding points in the future - the help, and speed, from the community users is awesome and credit goes to the one(s) that deserve it.

//Gerth
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34110159
Hi Gerth,

Not a problem; welcome to EE! :) ;)
0

Question has a verified solution.
