Solved

Firewall blocks Live Update for Symantec Endpoint Protection client

Posted on 2010-11-09
Last Modified: 2013-11-16
Hi Experts

I have a Watchguard 550e that doesn't allow SEP Live updates to go through.
HTTP Proxy is activated, how can I create a rule to allow Live Update through the firewall?

I have been able to do an update when I disable the HTTP Proxy rules, but that's not an option to do every day to get new updates.

Regards

Gerth
Question by:Gerth
 
LVL 7

Expert Comment

by:willbaclimon
ID: 34095212
I believe it uses these ports

TCP:

139
445
2967
80
8014
8005
8443
9090
8443
1433
Ephemeral
UDP:

137
138

Here's some more info

http://internetforce.org/iforce/index.php?/topic/2-troubleshooting-liveupdate-issues-with-symantec-endpoint-protection/
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34098896
You can create an exception in HTTP proxy service to be able to get updates; please look at link below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1219/kw/HTTP%20proxy%20exception

Please note the link talks about windows update; but the process would be similar.

Please implement and update.

Thank you.
0
 

Author Comment

by:Gerth
ID: 34099668
Hi All

I have been able to find a solution to this problem.
It seems like adding the HTTP rule "Application/zip" to "Allow only safe content types" in the firewall will do.

Is this a safe approach to this issue?

dpk wal: thanks for the advice, but this is a simpler firewall, WatchGuard 550e, that's not handled through WSM; it only has a web interface for configuration and I can't find anything resembling the pictures in the article in the configuration interface.
conf-change.jpg
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 125 total points
ID: 34100748
With 550e you have option to use web interface or management software; the link was based on management software. If you have 55e instead then yes with version lower than 11.x you only have option of web UI.

In the above screen; if you go to HTTP Settings tab; can you check if you have HTTP proxy exceptions.

If no, then what you did is the correct solution; the only drawback is that this action would allow these content types for all HTTP traffic; so you can create another HTTP proxy service and then allow the above content types only for Symantec updates as below:
Outgoing; Enabled and allowed; from trusted; to all-comma-separated-public-ip-of-symantec-site

Thank you.
0
 
LVL 6

Assisted Solution

by:Jon Snyderman
Jon Snyderman earned 125 total points
ID: 34100897
As dpk_wal indicated, the proxy exceptions would be the right way to go on this.  The URLs that need to be listed are:
liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com

This assumes that we can trust Symantec.  I think that's a pretty safe bet.

~Jon
0
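The trade-off between the two fixes in this thread, as an added example (not code from any poster or from WatchGuard): a simplified model of an HTTP proxy that allows a response either because its host is a proxy exception or because its content type is on the safe list. The baseline type list, the sample URLs and all function names are assumptions made for illustration; only the three Symantec hostnames come from the answer above.

```python
"""Simplified model of the two fixes discussed in this thread (illustration only)."""
from urllib.parse import urlsplit

# Hostnames listed in the answer above.
LIVEUPDATE_HOSTS = frozenset({
    "liveupdate.symantecliveupdate.com",
    "liveupdate.symantec.com",
    "update.symantec.com",
})
# Assumed baseline for "Allow only safe content types" (constructed).
BASE_SAFE_TYPES = frozenset({"text/html", "text/plain", "image/png", "image/jpeg"})

# Constructed sample responses: (URL, Content-Type header).
SAMPLE = [
    ("http://liveupdate.symantecliveupdate.com/defs.zip", "application/zip"),
    ("http://LiveUpdate.Symantec.com./defs.zip", "Application/Zip; charset=binary"),
    ("http://downloads.example.net/tool.zip", "application/zip"),
    ("http://liveupdate.symantec.com.example.net/defs.zip", "application/zip"),
    ("http://www.example.org/index.html", "text/html; charset=utf-8"),
]

def host_of(url):
    """Lower-cased hostname without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")

def media_type(header):
    """Strip parameters such as '; charset=...' and normalise case."""
    return header.split(";", 1)[0].strip().lower()

def allowed(url, header, safe_types, exceptions=frozenset()):
    # Exact host match only: a substring or prefix test would also match
    # look-alike names such as liveupdate.symantec.com.example.net.
    if host_of(url) in exceptions:
        return True
    return media_type(header) in safe_types

def extra_exposure(sample=SAMPLE):
    """Hosts that pass only because application/zip was allowed for everyone."""
    widened = BASE_SAFE_TYPES | {"application/zip"}
    return sorted({
        host_of(url) for url, header in sample
        if allowed(url, header, widened)
        and not allowed(url, header, BASE_SAFE_TYPES, LIVEUPDATE_HOSTS)
    })

if __name__ == "__main__":
    for host in extra_exposure():
        print("zip allowed only under the global rule:", host)
```

Both policies let the LiveUpdate downloads through; the hosts the script reports are the ones that get zip content only because the type was added to the global safe list.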
 

Author Comment

by:Gerth
ID: 34101133
Hi

Confession - I have misled you: the firewall is a Watchguard x55e and not an x550e as I wrote earlier.
The firewall version is 10.1
Is it possible to make HTTP exceptions on that model?

Very sorry for the typo on the model.

//Gerth
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34101180
I was wondering about your "no WSM" comment.  That explains it.  No issue.   Yes, version 10 on the older edge does support the proxy exceptions and that would still be the best way to resolve the problem in my opinion.

~Jon
0
 

Author Comment

by:Gerth
ID: 34101247
Hi jsnyderman

Thanks for the advice, I found the "HTTP Proxy" exception in the web interface now and have added the URLs given by you.

The exceptions were on another "tab" in the user interface and "off screen", so only when I clicked around and scrolled each window to the bottom did I find it; I had not seen it before.
Have asked my user on the remote site to verify the solution.

I will come back with the results.

//Gerth
0
 

Author Comment

by:Gerth
ID: 34101660
Hi all

The user has verified that this solution works.
Thanks for the prompt and helpful explanations.

//Gerth
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34108601
Comment accepted as answer has reference to an earlier comment of mine; so my comment should have been awarded some points. A point split would be appropriate IMO.

I have raised a question for moderators to have a look.

Thank you.
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 34108628
Note that I agree with dpk_wal.  His original recommendation was accurate.  I just added more specifics and direction to the response.  Please feel free to split points.

~Jon
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34108636
Thank you, Jon!
0
 

Author Comment

by:Gerth
ID: 34110084
Hi all and especially dpk_wal

I apologize for missing to split the points; I'm quite new to EE and have not really learned the rules in here. Looking at your statement and reading through the original post shows that the solution was there too.

I was just so grateful that the problem was solved that I didn't reflect over all posts in this thread.

Will be more accurate in awarding points in the future - the help, and speed, from the community users is awesome and credit to the one(s) that deserve it.

//Gerth
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 34110159
Hi Gerth,

Not a problem; welcome to EE! :) ;)
0
