Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 7187 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow Norton Antivirus LiveUpdate through Web Protection

r3gan
Hi all,

I've done some searching in the forums here on this topic, but can't find any relevant threads except for the one about using the web proxy in Standard mode.

We have a UTM425, running Sophos release 9.111, and have web filtering turned ON in Transparent mode.  None of the Norton Antivirus programs are able to connect to LiveUpdate anymore.  The error is the same as the other post I found; "there is a problem connecting to the LiveUpdate server".  If I disable the web filtering option in the UTM425, then the clients can successfully connect and update.  I have tried putting URL exceptions in for symantec.com and symantecliveupdate.com but neither of these help.  

Has anyone else had this problem?  Can you offer suggestions to fix it?

Thanks!


This thread was automatically locked due to age.
Parents
  • 0
    R3gan, please show one or two lines from the Web Filtering log related to this problem.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    R3gan, please show one or two lines from the Web Filtering log related to this problem.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hi Bob,

    That's the interesting thing; I don't see any errors or output in the web filter log that give an indication of the problem.  Here is a sample of the live log window when I did some testing earlier:

    2014:08:13-20:13:45 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs19.astaro.com' access time: 357ms"
    2014:08:13-20:13:45 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs01.astaro.com' access time: 343ms"
    2014:08:13-20:13:45 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs12.astaro.com' access time: 371ms"
    2014:08:13-20:13:46 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs02.astaro.com' access time: 368ms"
    2014:08:13-20:13:46 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs11.astaro.com' access time: 408ms"
    2014:08:13-20:13:47 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs22.astaro.com' access time: 391ms"
    2014:08:13-20:13:47 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs10.astaro.com' access time: 504ms"
    2014:08:13-20:13:48 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs09.astaro.com' access time: 434ms"
    2014:08:13-20:13:48 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs17.astaro.com' access time: 464ms"
    2014:08:13-20:13:48 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs15.astaro.com' access time: 456ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs18.astaro.com' access time: 67ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs24.astaro.com' access time: 68ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs25.astaro.com' access time: 91ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs14.astaro.com' access time: 91ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs06.astaro.com' access time: 153ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs03.astaro.com' access time: 204ms"
    2014:08:13-20:23:49 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs23.astaro.com' access time: 204ms"
    2014:08:13-20:23:50 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs13.astaro.com' access time: 200ms"
    2014:08:13-20:23:50 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs28.astaro.com' access time: 201ms"
    2014:08:13-20:23:50 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs07.astaro.com' access time: 210ms"
    2014:08:13-20:23:50 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs08.astaro.com' access time: 261ms"
    2014:08:13-20:23:50 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs26.astaro.com' access time: 285ms"
    2014:08:13-20:23:51 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs16.astaro.com' access time: 259ms"
    2014:08:13-20:23:51 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs04.astaro.com' access time: 340ms"
    2014:08:13-20:23:51 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs21.astaro.com' access time: 336ms"
    2014:08:13-20:23:52 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs01.astaro.com' access time: 343ms"
    2014:08:13-20:23:52 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs27.astaro.com' access time: 336ms"
    2014:08:13-20:23:52 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs20.astaro.com' access time: 339ms"
    2014:08:13-20:23:53 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs05.astaro.com' access time: 339ms"
    2014:08:13-20:23:53 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs19.astaro.com' access time: 362ms"
    2014:08:13-20:23:54 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs02.astaro.com' access time: 378ms"
    2014:08:13-20:23:54 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs12.astaro.com' access time: 354ms"
    2014:08:13-20:23:54 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs22.astaro.com' access time: 408ms"
    2014:08:13-20:23:55 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs11.astaro.com' access time: 411ms"
    2014:08:13-20:23:55 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs09.astaro.com' access time: 425ms"
    2014:08:13-20:23:56 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs15.astaro.com' access time: 463ms"
    2014:08:13-20:23:56 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs17.astaro.com' access time: 440ms"
    2014:08:13-20:23:56 utm425 httpproxy[18161]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="818" message="server 'cffs10.astaro.com' access time: 414ms"

    I wrapped this in 
     blocks because it's so long, but you will see that all of the lines relate to some internal process (I believe), and none of them are error logs relating to a blocked connection from by the web filter.

    Right when I opened the live log window, I started a Norton LiveUpdate on a governed machine, and it failed with the same symptoms it always does.  Then around half way through the log lines, I added that machine to the Web Protection -> Web Filtering -> Advanced -> Transparent mode skiplist box where it says "Skip transparent mode source hosts/nets".  Immediately after I added the machine to this list, I re-ran the LiveUpdate process, and it was able to connect, download, and successfully update the Norton client.

    So I am a little confused now... because when the governed machine is NOT in the skip list, the live log is showing me no errors about anything being blocked.  Also I've attached a screenshot of the Web Filter Exception created for Symantec products.  I believe I have everything being "skipped", except for logging any blocked pages.

    Thanks.
Unfiltered HTML