So I've been trying to figure out why the 2 clients I am running from the UTM based Endpoint security app are not updating. Multiple attempts to update failed with contacting the server. So I think I found out why, Got my executive report this morning from the UTM and saw 60 or so blocked attacks coming from the following IP addresses:
69.28.184.47 https-69-28-184-47.lga.llnw.net
208.111.135.98 https-208-111-135-98.lga.llnw.net
The reason for the blocks was the following attack rule:
FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt
So figured out the IPs belong to LimeLight Networks CDN. Then I saw another post from earlier in the year complaining of a similar situation, no updates. The tech working the thread asked the users to verify the server resolves and responds to pings. So I check the configured server in the client on my system which currently points to:
d3.sophosupd.com
Ping that and get 69.28.184.47 which resolves to sophos-1.hs.llnwd.net.
So now I know why I am not getting updates, but still not sure how it can be resolved. Any ideas? I do have some pending firmware upgrades which will be installed over the weekend (312-8, 313-3).
Thanks!
This thread was automatically locked due to age.
