This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AutoUpdate failing on PCs where they are limited to certain websites

We have a bunch of PCs in our factory that have limited website access. There is a list of approved websites they can reach.

On these units Sophos will not update. I am trying to find out the location of the site it's trying to download from so I can add it to the list of sites these PCs can access.

 

Thanks,

Steve



This thread was automatically locked due to age.
Parents Reply Children
  • Hello Steve,

    I can ping
    I can't refrain from pointing out time and again that ping (contrary to common expectation) doesn't tell much if anything at all. That it succeeds only confirms that there is a network path to the update servers.
    We're concerned with an application that encounters a 12002 (timeout). The problem is likely in the transport (TCP) or application (HTTPS) layer. Please try to open the update location with a browser. The result should indicate whether the location can't be reached (i.e. it doesn't get as far as sending a request) or no response is received.

    Christian

  • FormerMember
    0 FormerMember in reply to Steve Venice

    The most useful next step would be to get a wireshark capture during the update attempt and see what is happening.

    Specifically, see if you are getting replies from the servers. Also, see if you are getting RST packets back.

    If you are getting replies - check with your ISP if they are doing a HTTPs proxy or web caching server. Any other systems in the way that alter the traffic, such as HTTPs inspection or proxies, can cause problems with the update. 

    Finally, you could also try using an update cache in your local network which your endpoints update from. Then you can just open up the network for just the update cache.

  • Just want to give a final update on this issue.


    The resolution was as originally thought, our Web filter was blocking access. There is a built in filter for Sophos in VeloCloud devices that we use, but it seems like it stopped working in August.  To get around this for now (hoping an update to these boxes may resolve it), we manually added the address in to the allowed web sites. What made it more complex was the fact that the web filter can only take IP addresses and dci.sophosupd.net has multiple IP addresses when you ping it from different machines, as does dci.sophosupd.com.

     

    Putting the multiple addresses we found for the sites into our web filter, started letting our devices update again.

  • Hi  

    Glad to know that you were able to fix this. Thank you for updating the resolution as well. Feel free to reach out to us for any further concerns. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids