
So... why are NVIDIA drivers suddenly taboo to download?

Not changed a thing on XG, even downloaded these drivers, using the same application, several times in the past. For the first time in weeks, I haven't had to mess with anything.  This worked just fine before.

I even have a 'Safe Downloading' exception for NVIDIA, yet the firewall is denying the download.  Today, the moon or the sun, or someone screwing with something must be the issue.  Had this happen before on UTM with Windows Updates, and then it magically fixed itself days later. 

What prompts this behavior to change and decide, "Oh well today I think it's okay, so I'm going to allow a download.  Yesterday didn't work for me."

I really don't understand this logic with the firewall.

messageid="16002" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" fw_rule_id="5" fw_rule_name="#Default_Network_Policy" fw_rule_section="Local rule" user="" user_group="" web_policy_id="12" web_policy="Default Policy" category="Download Freeware & Shareware" category_type="Objectionable" url="international-gfe.download.nvidia.com" content_type="" override_token="" src_ip="172.18.0.98" dst_ip="192.229.211.70" protocol="TCP" src_port="63610" dst_port="443" bytes_sent="0" bytes_received="0" domain="international-gfe.download.nvidia.com" exception="" activity_name="" reason="" user_agent="" status_code="403" transaction_id="" referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id="3501233152" app_name="" app_is_cloud="0" override_name="" override_authorizer="" used_quota="0"


This thread was automatically locked due to age.
  • Looks like the website is refusing to connect on their end.... You are attempting to browse the root of an USA Hosted, NVIDIA File Download Server.
    To download the file you wish to access please use its full direct URL.

    I would post the other links, but other URLs always get flagged as spam.

    Can you download the drivers from the US-en based website?

  • Hi,

    When you work out the answer, please publish it. My wife and I both run Apple desktops, hers an Air, mine an map. I can download software updates; hers fails. There are no anti software installed on either machine and we use the same wifi and firewall rules. Once I add a site exception the application updates, then disable the exception the application updates without errors.

    ian

    Additional information, I thought I should add. The software downloaded and installed on the Mac Air along with a number of updates until the last update which failed. Both Macs are using the M1 chip.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.



    Added extra information.
    [edited by: rfcat_vk at 1:46 AM (GMT -7) on 12 Jun 2023]
  • No, the issue is the classification set by Sophos.  The category is the problem here - category="Download Freeware & Shareware" and listed as "Objectionable".

    If you allow that category in your exception, it works fine.  The problem I have is - why?  Why has it changed?  Why wouldn't the exception I have created work for download?  It worked fine before.

    Alan, I'm not downloading from a direct link, I use GeForce Experience, which tells you when a driver set is ready for download, then you tell it to download the drivers (or set it to automatically download them), and the domain is the same domain I've always gotten it from.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Do you have a log output from this previous working download? 


  • I checked my log viewer this morning, and I don't have anything identical to downloading drivers, which is about right - it's been over a month since the last driver update for me (Log goes back 30 days).  However, there are a lot of other entries with that domain, but different sub-domains that were allowed and categorized as 'Information Technology'.  

    I don't see how the drivers would be any different of a category.  They aren't shareware.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Could you change the category of Download Freeware and Shareware from Objectionable to Acceptable?

    Or perhaps create a URL entry for all download.nvidia.com subdomains, and classify them as Acceptable?

    I don't think it's possible to use regex for URL entries though.

  • Likely you have to separate between the CDN and the Nvidia Website. 

    So the CDN Part of your URL is categorized by Intelix as Shareware/Freeware Download CDN: intelix.sophos.com/login


    I'd rather keep the Shareware out of acceptable, and rather have the domain acceptable.  I have a regex exception for nvidia.com, I will try it with download.nvidia.com and see if I can mess with that.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Just... wow.  I can't believe this.

    So trying to figure this out again, I get a notification of another download for drivers.  I created a web exception in my Safe Downloading exceptions list, to which I add a regex entry for ^([A-Za-z0-9.-]*\.)download\.nvidia\.com/ and try again.

    Nope, not allowed.

    Then I look at the log viewer, and I see that my Country Blocking Rule to China is denying me any access to the download.  No problem, I get that, the CDNs probably are redirected all over the place.

    But - I then do something that I tell myself, "No way, this shouldn't be allowed."

    I add the Download Shareware and Freeware category back into my same Safe Downloading exceptions.

    It starts downloading.

    Why on this earth, would you tell someone's top rule of "No, not at all" to be bypassed by a shareware category of all things?  Am I just not getting this methodology? That's okay, but adding my explicit regex exception isn't allowed?  Does this not make sense to anyone else?  For me, this just screams "Foul".

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
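
Added example, not part of any post in this thread: a short Python triage of the Denied record from the first post, plus a check of which string forms the exception regex quoted above can match. The sample record is trimmed and constructed from the thread's log line; the page does not say which form of the URL the firewall hands to the exception matcher, so the tested forms are assumptions.

```python
import re

# Constructed sample: the Denied record from the first post, trimmed to the
# fields used below.
SAMPLE = ('messageid="16002" log_type="Content Filtering" log_subtype="Denied" '
          'fw_rule_name="#Default_Network_Policy" web_policy="Default Policy" '
          'category="Download Freeware & Shareware" category_type="Objectionable" '
          'url="international-gfe.download.nvidia.com" dst_ip="192.229.211.70" '
          'dst_port="443" domain="international-gfe.download.nvidia.com" '
          'exception="" status_code="403"')

# The exception pattern quoted in the thread, unchanged.
THREAD_REGEX = r'^([A-Za-z0-9.-]*\.)download\.nvidia\.com/'
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_record(line):
    """Split a key="value" log record into a dict (values hold no quotes)."""
    return dict(PAIR.findall(line))

def triage(rec):
    """Pull out the fields that explain a web-filter denial."""
    return {
        "denied": rec.get("log_subtype") == "Denied",
        "domain": rec.get("domain", ""),
        "category": rec.get("category", ""),
        "category_type": rec.get("category_type", ""),
        "policy": rec.get("web_policy", ""),
        # Empty exception field: no web exception was recorded for this hit.
        "exception_applied": bool(rec.get("exception")),
    }

def pattern_coverage(pattern, domain):
    """Report which string forms of the destination the pattern matches."""
    rx = re.compile(pattern)
    forms = {
        "host": domain,                                   # no trailing slash
        "host/": domain + "/",
        "https://host/": "https://" + domain + "/",       # scheme included
        "parent host/": domain.split(".", 1)[1] + "/",    # download.nvidia.com/
    }
    return {name: bool(rx.search(text)) for name, text in forms.items()}

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(triage(rec))
    print(pattern_coverage(THREAD_REGEX, rec["domain"]))
```

Only the `host/` form matches: the pattern needs a trailing slash, rejects a leading scheme, and requires at least one label before `download.nvidia.com`.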

  • Hi Amodin,

    my XG shows Nvidia.com as

    When I connect to the site it shows America. I have a country block for China, but not Taiwan. I did not try to download any drivers, but I do get a selection list.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.