Endpoint Protection

 View Only

  • 1.  SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:25 AM

    Hi,

    We have the following situation:

    A computer with the newest managed SEP 12.1 Client on it. On this computer runs VMWare Player with a virtual machine. In this virtual machine runs an unmanaged version of the newest SEP Client.

    The problem is, that Live Update doesn't work within that unmanaged virtual machine. On the host system with the managed client, Live Update works fine (both management server / Symantec Live Update Server).

    In the host firewall log, an incoming TCP connection from the liveupdate server to the virtual machine is blocked. (firewall rule to block all ip traffic). Why does the host system blocks some traffic to the virtual machine? We already have a firewall rule to allow all traffic of the vmware adapters.

    In the firewall log of the virtual machine, nothing gets blocked.

    Why is Live update not working? (Everything like http/s and ftp is working)



  • 2.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:28 AM

    Out of curiousity, does it work if you disable the firewall?

    Did you specifically allow access to port 80/443 instead of hostname or IP?

    LiveUpdate using dynamic IPs so you would need to add the specific port.



  • 3.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:36 AM

    How to determine whether your firewall is blocking LiveUpdate

     

    http://service1.symantec.com/support/sharedtech.nsf/docid/2003090514252213



  • 4.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:41 AM

    yes, when i disable the host firewall, live update starts immediately



  • 5.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:43 AM

    Add a rule to allow 80/443 and move it to the top. Try running LU again.



  • 6.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:43 AM

    I've already tried this document. i can download the http://liveupdate.symantecliveupdate.com/livetri.zip file



  • 7.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:52 AM

     

    the host firewall log shows entries similar to that:

     

    blocked

    		 TCP incoming   192.168.101.224 (local ip of virtual machine) 1044 (local port)   213.248.114.174 (remote ip) 21 (remote port)

     

     



  • 8.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:53 AM

    still not working



  • 9.  RE: SEP 12.1 Firewall blocks Live Update in VMWare

    Posted Feb 01, 2013 11:55 AM

    Well it also uses ftp so allow port 21 as well.

    What happens if you create an allow rule and place it at the top of the list than? Some rule has to be doing this blocking...



  • 10.  RE: SEP 12.1 Firewall blocks Live Update in VMWare
    Best Answer

    Posted Feb 01, 2013 12:13 PM

    Just solved this problem:

    We have a proxy in our network. in this network, the live update is not working within the virtual machine.

    when i connect the computer to our guest network without proxy authentication, live update is working.

     

    solution: the SEP client is using the system proxy settings by default. Now i changed one option in the unmanaged SEP Client of the virtual machine: in the Live Update Proxy configuration, i disabled the proxy.

    After this configuration, the live update is working!

    But i don't understand why the host firewall blocks some live udpate traffic when i use proxy authentication in the virtual machine!