Video Screencast Help

Website to allow from Firewall for SEP liveupdate

Created: 02 Dec 2009 • Updated: 12 Jun 2010 | 4 comments

Hi,

can anyone advise the exact websites to allow from the firewall ?

Comments 4 CommentsJump to latest comment

Rafeeq's picture

You need allow these on your firewall

  1. Liveupdate.symantecliveupdate.com
  2. Liveupdate.symantec.com
  3. Symantec.com

Symantec Endpoint Protection: LiveUpdate

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009082702000348

let me know if you have any questions.

John_Prince's picture

Greetings,

Here are the actual domains you want to whitelist for LiveUpdate:

symantec.com
liveupdate.symantecliveupdate.com
akamai.net

http://service1.symantec.com/SUPPORT/ent-security....

Remote Product Specialist, Business Critical Services, Symantec

Rafeeq's picture

Not sure why to open akmai.net to be open.
I did requested our firewall team to open these 3 websites on firewall 8 months before and all my sepm managers are updating fine.
I'm sure that akamai.net is not needed.

You need allow these on your firewall

  1. Liveupdate.symantecliveupdate.com
  2. Liveupdate.symantec.com
  3. Symantec.com

If you check the liveupdate.settings file, only the above three is mentioned
HOSTS\0\ACCESS=liveupdate.symantecliveupdate.com
HOSTS\0\ACCESS2=http://liveupdate.symantecliveupdate.com
HOSTS\0\IS_SYMANTEC:ENC=N%9-U,&[>@M
HOSTS\0\LOGIN:ENC=YBR#A%5\(CI
HOSTS\0\NAME=liveupdate.symantecliveupdate.com
HOSTS\0\PASSWORD:ENC=YBR#A%5\(CI
HOSTS\0\SUBNET=0.0.0.0
HOSTS\0\SUBNETMASK=0.0.0.0
HOSTS\0\TYPE=HTTP
HOSTS\1\ACCESS=liveupdate.symantec.com
HOSTS\1\ACCESS2=http://liveupdate.symantec.com
HOSTS\1\IS_SYMANTEC:ENC=N%9-U,&[>@M
HOSTS\1\LOGIN:ENC=YBR#A%5\(CI
HOSTS\1\NAME=liveupdate.symantec.com
HOSTS\1\PASSWORD:ENC=YBR#A%5\(CI
HOSTS\1\SUBNET=0.0.0.0
HOSTS\1\SUBNETMASK=0.0.0.0
HOSTS\1\TYPE=HTTP
HOSTS\2\ACCESS=update.symantec.com/opt/content/onramp
HOSTS\2\ACCESS2=ftp://update.symantec.com/opt/content/onramp
HOSTS\2\IS_SYMANTEC:ENC=N%9-U,&[>@M
HOSTS\2\LOGIN:ENC=V!0QDU7."^$C(%+!24M?+A
HOSTS\2\NAME=update.symantec.com
HOSTS\2\PASSWORD:ENC=L"`';1^I=[DC(%+!24M?+A
HOSTS\2\SUBNET=0.0.0.0
HOSTS\2\SUBNETMASK=0.0.0.0
HOSTS\2\TYPE=FTP

akamai is  a different company where files are hosted.

liveupdate.symantec.com should know where to go and what to do..

Let me know your thoughts.

John_Prince's picture

Akamai is a large company that helps loadbalance websites/downloads/etc. When we get a large load going we will re-direct some of our LU traffic to Akamai servers to help with processing/bandwidth.

While liveupdate.symantec.com will know what to do, we sometimes hand over the traffic to Akamai which will come back to your firewall as traffic from Akamai. If you have Akamai blocked then LU fails.

This is a fairly rare occurence though, I have only come across a few cases that Akamai is blocked and causing an LU issue on.

http://www.akamai.com/

Remote Product Specialist, Business Critical Services, Symantec