Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mike_Orr
New Contributor

Symantec Endpoint LiveUpdate

Hi all,

I'm hoping someone here has successfully been able to set this up and can give me some pointers.

I'm running 6.0.4 on a 200E and need to allow Symantec LiveUpdate to run through the F/W.

The updates work when I allow all traffic from DMZ -> WAN, so I know the Symantec software is installed fine. However, when I block internet traffic, allow DNS lookup to pass through as LiveUpdate uses FQDNs and follow the Symantec tech article to allow it through the firewall, it fails every time.

 

The tech article in question can be found here: https://support.symantec.com/en_US/article.TECH102059.html

 

I've done some packet tracing when all traffic is allowed and it looks like LiveUpdate has multiple CNAMEs returned from the DNS. Should these CNAMEs be added to the policy as allowed or should the firewall be able to deal with them?

 

It's getting to the point where I'm considering setting up LiveUpdate to run once a day and to allow all traffic out to the internet for a 10 min widow while it does. However this is obviously not the preferred solution.

Thanks in advance for any help given :)

1 Solution
Dave_Hall
Honored Contributor

Going by that KB article, creating FQDNs for liveupdate.symantecliveupdate.com and liveupdate.symantec.com and creating a firewall policy allowing "unrestricted" access to those FQDNs should do the trick  (assuming the firewall rule is moved up in the firewall chain).

 

Alternately there is an application sensor that you could also apply. 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
2 REPLIES 2
Dave_Hall
Honored Contributor

Going by that KB article, creating FQDNs for liveupdate.symantecliveupdate.com and liveupdate.symantec.com and creating a firewall policy allowing "unrestricted" access to those FQDNs should do the trick  (assuming the firewall rule is moved up in the firewall chain).

 

Alternately there is an application sensor that you could also apply. 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Mike_Orr

Thanks for the answer Dave, I'd already done your first suggestion to no avail. However I'd never played with the application control options, so I thought I'd give it a go.

After 20 mins of reading and 5 mins of config work on the firewall, it all worked first time.

Well done, and thanks again for a great response.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors