Solution
LiveUpdate on Macintosh -will- use the HTTP proxy from the Macintosh Network System Preferences, but will authenticate anonymously. It is recommended to whitelist the Symantec servers at the proxy, bypass the proxy for the client, use an internal LiveUpdate server (LiveUpdate Administrator 2.x or the legacy LiveUpdate Administration Utility 1.x), and/or add proxy information to the /etc/liveupdate.conf file.
To whitelist the Symantec servers:
The default HTTP servers are liveupdate.symantec.com and liveupdate.symantecliveupdate.com, and the default FTP server is update.symantec.com. Examine the /etc/liveupdate.conf file for any custom URLs that may have been set. Consult with the documentation specific to your proxy server to configure a whitelist for these addresses.
To bypass the proxy on the client machine:
- On the Apple menu, click System Preferences.
- Under Internet & Network, click Network.
- Click Proxies.
- In the "Select a proxy server to configure" box, click Web Proxy (HTTP).
- In the "Bypass proxy settings for these Hosts & Domains" box, enter all URLs specified in /etc/liveupdate.conf.
- Quit System Preferences.
To use an internal LiveUpdate server:
If there is no web proxy that provides access without login or password, you can update via an internal LiveUpdate server by following the directions given in the below documents:
If using an internal LiveUpdate server, ensure proxy exceptions are correctly entered for local addresses. The following link to this Apple article is included for your convenience: Entering Proxy Server Settings (http://docs.info.apple.com/article.html?path=Mac/10.5/en/8760.html)
To add proxy authentication information to /etc/liveupdate.conf:
To specify a proxy for LiveUpdate, add a "proxy=a.b.c.d:port" entry to /etc/liveupdate.conf. Note that this file is not visible in the Macintosh Finder--you must edit it in a terminal window using vi, pico, or other command-line editor, and run the editor command with sudo. You cannot add proxyusername or proxypassword settings; LiveUpdate for Macintosh does not work with proxies that require authentication. For more details, see the document How to set proxy settings in Java LiveUpdate.
Note that LiveUpdate on Macintosh -will- use the HTTP proxy from the Macintosh Network System Preferences and that setting (if configured) will override any in /etc/liveupdate.conf. If you don't want to use the OS proxy settings for LiveUpdate, add the URL(s) from /etc/liveupdate.conf to the proxy bypass settings in the Macintosh Network System Preferences.
WARNING: do not edit the following file:
/Library/Application Support/Symantec/LiveUpdate/liveupdate.conf
That conf file is overwritten with a combination of /etc/liveupdate.conf and the OS proxy settings every time LiveUpdate runs.
For managed SEP for Mac clients, changes to the LiveUpdate server source (delivered by policy on heartbeat) does not appear to overwrite the whole file (and delete the proxy settings), but merely replaces specific values (such as hosts) within the configuration files with updated information.
Note: In SEP 11.x for Macintosh and older, location awareness is not available; laptops with those client versions won't be able to connect to LiveUpdate servers to retrieve updates when they leave the corporate network unless this proxy info is commented out of /etc/liveupdate.conf (# at the beginning of the line indicates a comment).
|