Firewall blocks liove update for Symantec endpoint protection client

Hi Experts

I have a Watchguard 550e that don't allow SEP Live updates to go throught.
HTTP Proxy is activated, how can I create a roule to allow Live update throught the firewall?

I have been able to do a update when I dissable the HTTP Proxy roules but thats not an option to do every day to get new updates.

Regards

Gerth
GerthAsked:
Who is Participating?
 
dpk_walConnect With a Mentor Commented:
With 550e you have option to use web interface or management software; the link was based on management software. If you have 55e instead then yes with version lower than 11.x you only have option of web UI.

In the above screen; if you go to HTTP Settings tab; can you check if you have HTTP proxy exceptions.

If no, then what you did is the correct solution; only backdrop is this action would allow these content types for all HTTP traffic; so you can create another HTTP proxy service and then allow above content types only for Symantix updates as below:
Outgoing; Enabled and allowed; from trusted; to all-comma-separated-public-ip-of-semantic-site

Thank you.
0
 
willbaclimonCommented:
I believe it use's these ports

TCP:

139
445
2967
80
8014
8005
8443
9090
8443
1433
Ephemeral
UDP:

137
138

Here's some more info

http://internetforce.org/iforce/index.php?/topic/2-troubleshooting-liveupdate-issues-with-symantec-endpoint-protection/
0
 
dpk_walCommented:
You can create an exception in HTTP proxy service to be able to get updates; please look at link below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1219/kw/HTTP%20proxy%20exception

Please note the link talks about windows update; but the process would be similar.

Please implement and update.

Thank you.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
GerthAuthor Commented:
Hi All

I have been able to find a solution to this problem.
It seems like adding the HTTP rule "Application/zip" to "Allow only safe content types" in the firewall will do.

Is this a safe approach to this issue?

dpk wal: thanks for the advice, but this is a simpler firewall , WatchGuard 550e, thats not handled through WSM, it only have an webinterface for configuration and I can't find anything reassembling the pictures in the article in the configuration interface.
conf-change.jpg
0
 
Jon SnydermanConnect With a Mentor Commented:
As dpk_wal indicated, the proxy exceptions would be the right way to go on this.  The URLs that need to be listed are:
liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com

This assumes that we can trust Symantec.  I think thats a pretty safe bet.

~Jon
0
 
GerthAuthor Commented:
Hi

Confession - i have misslead you the firewall is a Watchguard x55e and not a x550e as i wrote earlier.
The firewall version is 10.1
Is it possible to make HTTP exeptions on that model ?

Very sorry for the typo on the model.

//Gerth
0
 
Jon SnydermanCommented:
I was wondering about your "no WSM" comment.  That explains it.  No issue.   Yes, version 10 on the older edge does support the proxy exceptions and that would still be the best way to resolve the problem in my opinion.

~Jon
0
 
GerthAuthor Commented:
Hi jsnyderman

Thanks for the advice, i found the "HTTP Proxy" exeption in the web interface now an have added the URL:s given by you.

The exeptions was on another "tab" in the user interface and "off screen" so when I clicked around and scrolled each window to the bottom did I find it, had not seen it before.
Have asked my user on the remote site to verify the solution.

I will come back with the results.

//Gerth
0
 
GerthAuthor Commented:
Hi all

User have verified that this solution works.
Thanks for promt and helpfull explanations.

//Gerth
0
 
dpk_walCommented:
Comment accepted as answer has reference to an earlier comment of mine; so my comment should have been awarded some points. A point split would be appropriate IMO.

I have raised a question for moderators to have a look.

Thank you.
0
 
Jon SnydermanCommented:
Note that I agree with dpk_wal.  His original recommendation was accurate.  I just added more specifics and direction to the response.  Please feel free to split points.

~Jon
0
 
dpk_walCommented:
Thank you, Jon!
0
 
GerthAuthor Commented:
Hi all and especially dpk_wal

I appoligize for missing to split the points, I'm quite new to EE and have not really learned the roules in here. Looking at your statement and reading throught the original post gives that the solution was there too.

I was just so greateful that the problem was solved so i didn't reflect over all post in this thread.

Will be more accurate in awarding points in the future - the help, and speed, from the community users is awsome and credit to the one(s) that deserve it.

//Gerth
0
 
dpk_walCommented:
Hi Gerth,

Not a problem; welcome to EE! :) ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.