We recently took over a small (1 PowerEdge 2900 box running Windows 2003 Standard server, 15 clients, mostly Win7 Pro) network. The network was previously configured but we've gone over things and modified per best practices. Part of the reconfiguration has been implementing a paid antivirus solution. We are using Kaspersky Endpoint Security for Business Select. The problem we've run into is that the Kaspersky Security Center can't download updates.
Kaspersky picks a download server at random from a pool. Servers are in the format of http://dnl-XX.geo.kaspersky.com:80. Connections always fail.
The router is a Cisco ASA 5505 which I am administering via the web SDM. Its firewall actively blocks outbound traffic. I've already worked around this for other services by adding Access Rules to the Security Policy tab using the following configuration:
Service: <custom service for the program's specific port>
Traffic Direction: In
Source Service: <blank>
Time Range: <blank>
The other services for which I have created incoming rules on the outside interface have worked properly. For example, the offsite backup service we use runs on port 444 and after creating a rule for it, it communicates as expected.
Since Kaspersky uses port 80, I have created a rule using the same settings as mentioned above for port 80, but the Security Center is still unable to communicate with the Kaspersky update servers.
That said, I am able to web-browse from the server with no problems, so obviously outgoing traffic on port 80 is already working. It was working before I created any rules for port 80 trying to fix Kaspersky.
Stuff I have noticed or tried:
--This problem appears to only affect Kaspersky.com's update addresses. I can browse and telnet to the Kaspersky website at usa.kaspersky.com:80 but cannot telnet to dnl-XX.geo.kaspersky.com:8
--I can telnet to services that I have created custom rules for, i.e. the offsite backup service on port 444.
--DNS resolves dnl-XX.geo.kaspersky.com properly (confirmed by testing elsewhere) but pings time out and tracerts fail part of the way there.
--The problem does not appear to be ISP-related--other businesses share the same fiber connection (behind different routers--sequestered from each other) and they can browse, ping and telnet to dnl-XX.geo.kaspersky.com with no problems.
--I can't find anything in the ASA's configuration that leads me to believe it's actively blocking anything Kaspersky-related.
--Rebooting the server has no effect.
--The workstation I tried on that network CAN ping and telnet to dnl-XX.geo.kaspersky.com so the problem appears to be limited to the server. All workstations get IPs via DHCP on the '03 Server, and all workstations have the '03 Server's DNS as their sole DNS provider.
--ipconfig /flushdns followed by ipconfig /registerdns on the server has no effect.
--Windows Firewall is not running on the server.
--There doesn't appear to be any other firewall installed on the server. (No antivirus is installed currently either--I have just installed Kaspersky Security Center, not the Endpoint client.)
--The server is not configured to use a proxy. However, it appears that it had been at some point. The proxy address that had previously been used is an external IP address, on port 2720.
--The server's NIC is a Broadcom NetXtreme II. The driver is v18.104.22.168, from 5/14/08, so it's ridiculously old. I'm hesitant to update it since I'm working remotely, but maybe I will and just head over there as soon as they open, if it bombs.
--As far as I know, the server is not having communication problems with any other sites or services.
So, I can't find anything on the server that looks like it might be blocking Kaspersky's update servers, nor can I find anything in the ASA that could be blocking them. What should I try next?