Endpoint Protection

 View Only

  • 1.  SEP 12.1 - Pulling Updates from Symantec to SEPM

    Posted Apr 09, 2015 10:45 AM

    I found this document and I was just looking for clarification. I have a configured SEPM that currently deals with content download and distribution. I would like to lock my firewall rules down a bit. According to the linked document, it appears like the SEPM will attempt to gain access to the content via HTTP first and only IF that fails, it will attempt to gain access to the content via FTP. Is this correct? I would like to remove access to the FTP protocol for my SEPM if possible restricting it to only http and https. 

     

    Thanks in advance. 



  • 2.  RE: SEP 12.1 - Pulling Updates from Symantec to SEPM

    Posted Apr 09, 2015 10:47 AM

    As long as one of the URLs is accessible it should work. I've never used ftp. It doesn't use a specific order but whichever one it can hit.



  • 3.  RE: SEP 12.1 - Pulling Updates from Symantec to SEPM

    Posted Apr 09, 2015 10:48 AM

    Yes that can be done.

    these two will still get defs

    http://liveupdate.symantecliveupdate.com

    http://liveupdate.symantec.com



  • 4.  RE: SEP 12.1 - Pulling Updates from Symantec to SEPM

    Posted Apr 09, 2015 10:56 AM

    Do you know if the URLs have static IP addresses associated with them? Or can the IPs for Symantec LiveUpdate change occasionallly? I can't seem to find a document relating to the LiveUpdate destinations.



  • 5.  RE: SEP 12.1 - Pulling Updates from Symantec to SEPM

    Posted Apr 09, 2015 10:56 AM

    The IPs change (uses Akamai). The names remain static.

    Good doc here:

    How to determine whether your firewall is blocking LiveUpdate



  • 6.  RE: SEP 12.1 - Pulling Updates from Symantec to SEPM

    Broadcom Employee
    Posted Apr 09, 2015 11:27 AM

    Hi,

    Thank you for posting in Symantec community.

    Symantec makes LiveUpdate content available on the Internet through a partnership with the Akamai server network.  Akamai is a network of tens of thousands of servers scattered worldwide for more efficient distribution of content.  Symantec recommends specifying Symantec LiveUpdate servers via DNS name (fully qualified domain name), not via one or more static IP addresses. Use of static IP addresses to access Symantec LiveUpdate content is not supported or recommended.

    Go through this article: Can LiveUpdate be configured to use static IP addresses?

    http://www.symantec.com/docs/TECH97397



  • 7.  RE: SEP 12.1 - Pulling Updates from Symantec to SEPM

    Broadcom Employee
    Posted Apr 09, 2015 11:44 AM

    SEPM tries to access following two FTP sites.

    update.symantec.com/opt/content/onramp
    update.symantec.com

    Create a new firewall rule to block FTP access for these two sites.

    Liveupdate cannot connect to server - What IP-s (IP addresses) should be configured as Firewall and Proxy exceptions to enable LiveUpdate?

    http://www.symantec.com/docs/TECH163079