
Garmin Express fails when webfiltering is enabled.

Wasted the last hour trying to figure out why I was having issues updating my gps.

Turns out it was web filtering.  Garmin uses regular http calls to download the update components.  This worked for some of the smaller pieces but larger files (some as large as 800MB) were failing (logs indicated md5 mismatches).  After much head scratching I realized UTM was added since the last time I did an update.

I disabled both IPS and web filtering as snort was slowing down the download.  With these two disabled the update completed successfully.

One would think in this day and age Garmin would be using https calls (which are excluded from web filtering by an exception).

So something to keep in mind if you have a nuvi or zumo and are having issues updating.



  • Try some excludes for that url and leave web filtering turned on.

    Best regards

    Alex


  • Alex, yes that would work too.  Would require more time to figure out which site(s) the program is trying to connect to.  Parsing raw webfilter logs isn't difficult but is tedious. As this is a home implementation, it was quicker to just disable it temporarily.

    On that topic, is there a tool to reformat the webfilter (and firewall) logs into a more easily decipherable format?

  • I read the logs with notepad++, but more out of habit than a big gain in comfort.

    Usually it is enough to know the URL. Creating a much more granular exception will reduce its durability once a change takes place.

    But to answer your question, I don't know a tool for that.

    Maybe somebody else does?

    Best

    Alex


  • Alex, I'll revisit this next year when it's time to update the GPS map data again.  While Garmin releases updates every 3-4 months, I see little reason to update for my use. 99.9% of the areas I visit haven't had any changes in years.

    As I'm discovering, the webfilter is a very powerful tool.

  • Hey Jay Jay,

    As a business user, I had to work around it and could not turn off web protection. But of course one has to estimate the effort to get a result.

    Best

    Alex


  • I have built tools to parse the webfilter logs into SQL.   This link describes my general approach and provides sample code for the simpler log formats.   I left off the webfilter code because it is more complicated, but have not had any PM requests for more information.

    https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/100770/how-to-using-a-sql-database-to-interpret-utm-log-files

    For home use, building a SQL database is probably more effort than you want to undertake.

    Https is a growing portion of the internet, and Let's Encrypt allows anybody to do https for free.   So it is a mistake to assume that https is safe.   Ideally, you want https filtering with https inspection (decrypt and scan), but filtering alone is a good start.

    There will always be sites that will not work without an exception.   Good log parsing tools help you configure a precise exception rather than disabling more protections than are necessary.
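
An added example, not part of the original posts and not the SQL tooling linked above: a small Python summary of which hosts one client contacted, so an exception can be scoped to those hosts instead of disabling web filtering. The `key="value"` layout, the field names (`srcip`, `action`, `size`, `url`) and the sample lines are constructed assumptions; adjust them to the actual log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (assumed layout; hosts and addresses are placeholders).
SAMPLE_LOG = """\
2019:03:02-10:15:01 utm httpproxy[4321]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.50" statuscode="200" size="52344" url="http://download.example.com/maps/part1.bin"
2019:03:02-10:15:09 utm httpproxy[4321]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.50" statuscode="200" size="838860800" url="http://download.example.com/maps/part2.bin"
2019:03:02-10:15:12 utm httpproxy[4321]: id="0001" name="http access" action="pass" method="GET" srcip="192.168.1.77" statuscode="200" size="1200" url="http://news.example.org/index.html"
2019:03:02-10:16:40 utm httpproxy[4321]: id="0001" name="http access" action="pass" method="CONNECT" srcip="192.168.1.50" statuscode="200" size="7300" url="https://cdn.example.net/"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')  # one key="value" field

def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR.findall(line))

def summarize_hosts(log_text, srcip):
    """Group the requests of one client (srcip) by destination host."""
    hosts = defaultdict(lambda: {"requests": 0, "bytes": 0, "actions": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("srcip") != srcip or "url" not in rec:
            continue  # other clients, or lines that are not access records
        host = urlsplit(rec["url"]).hostname or rec["url"]
        size = rec.get("size", "")
        entry = hosts[host]
        entry["requests"] += 1
        entry["bytes"] += int(size) if size.isdigit() else 0
        entry["actions"].add(rec.get("action", "?"))
    return dict(hosts)

def report(hosts):
    """One line per host, largest transfer first: host, requests, bytes, actions."""
    rows = sorted(hosts.items(), key=lambda kv: -kv[1]["bytes"])
    return "\n".join(
        f'{host:30} {e["requests"]:>5} {e["bytes"]:>12} {",".join(sorted(e["actions"]))}'
        for host, e in rows
    )

if __name__ == "__main__":
    # 192.168.1.50 stands in for the PC running the updater.
    print(report(summarize_hosts(SAMPLE_LOG, "192.168.1.50")))
```

The hosts at the top of the report, by bytes transferred, are the candidates for a narrowly scoped exception.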

  • I have been having this problem for years and the only solution I've found was to disable the Web Filtering.  None of the logs indicate a block; they are all allowed or pass.  But I have run across something odd: let's say I have 5 updates to do and I do them one at a time vice doing them all at once.  For the first one I need to disable the Web Filtering; once that is done I can re-enable the Web Filtering and all the rest of the updates can be completed without incident.  I can't explain it.  But I do leave the Web Filtering turned off during my updates now; I don't want half an update happening and then I brick my GPS.  Just not worth the risk.

     

    So if anyone has data they need to see, I can send a copy of the logs after I change any passwords that may be embedded.

     

    Cheers,

    -Joe