Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 40 subscribers
  • Views 2747 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Luminar 4 updates blocked

Casual_User

I've been trying to update my photo editing software, Luminar 4, without success.  Something is blocking it.  I cannot find anything in the logs (IPv4 or IPv6).  When I enter the update site in the Policy Tester it shows it as being allowed.  I've added the website as Allowed under Intrusion Prevention -> Custom IPS Signatures.  I've added it under Web -> Exemptions, still a no go.  Luminar technical support provided me with the URL for their update server which is what I'm using in my exemption rules.

The only way I can get it to work is to create a new firewall rule to allow all LAN to WAN without any filtering.  It is a pain having to create a custom firewall rule each time I want to update software.

Also, it would be nice if the Policy Tester worked with IPv6 addresses.



This thread was automatically locked due to age.
Parents
  • 0

    What version of XG are you working on?
    How is your HTTPS scanning configurated?

    For v17:
    When adding an exception did you allso tik "Policy checks" ?
    And possibly the "Malware and content scanning box" 

    For v18:
    If you also use the SSL/TLS acanning options, have you tried adding  "skylum.com" to Web -> URL-groups -> Local TLS exclusion list?
    This worked for me.

    Grtz, Peter-Paul

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
Reply
  • 0

    What version of XG are you working on?
    How is your HTTPS scanning configurated?

    For v17:
    When adding an exception did you allso tik "Policy checks" ?
    And possibly the "Malware and content scanning box" 

    For v18:
    If you also use the SSL/TLS acanning options, have you tried adding  "skylum.com" to Web -> URL-groups -> Local TLS exclusion list?
    This worked for me.

    Grtz, Peter-Paul

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
Children
  • 0 in reply to Peter-Paul Gras

    Thanks for the reply Peter-Paul,

    I'm running v18 and I don't use SSL/TLS scanning.  I have all the boxes checked in the exemptions.  I tried adding the skylum site to the SSL/TLS exemptions, but it didn't make a difference.

  • 0 in reply to Casual_User

    Can you share some screenshots of what you have done?

    And perhaps share some logfile data?

    Grtz, Peter-Paul

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • 0 in reply to Peter-Paul Gras

    Hi Peter-Paul,

    Here are my configs for exemptions:

    Intrusion Prevention Exemption:

    TLS Exemption:

    Web Exemption:

  • +1 in reply to Casual_User

    Thank you. I'm not sure about the IPS exception, would probably try without this setting.

    Since you're not using the TLS/SSL DPI engine, the TLS exception is doing nothing for you.

    Concerning the HTTPS scan exception: please try this (Regex): 
    ^([A-Za-z0-9.-]*\.)?skylum\.com\.?/

    Grtz, Peter-Paul

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • 0 in reply to Peter-Paul Gras

    Thanks Peter-Paul,

    That worked, I should have tried using Regex.  I have other site not in Regex format that work in the exemptions.

    Thanks again.

  • 0 in reply to Peter-Paul Gras

    Well this has stopped working.  When I checked for updates today, it timed out giving me an error.  The only way I solved it was to add an IPv6 rule to allow all LAN to WAN traffic without filtering.  Only then would Luminar check for updates and let me know that I was up-to-date.  The same is true to install Emby Theatre.

    Do the Web Exemptions not apply to IPv6?

Unfiltered HTML