Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Windows Updates

I am setting up some new WIN2000 boxes from scratch behind a Fortigate 200. Once I have the operating system up and running, I run the Windows Update. All but the last two updates work fine, but the systems fail to install the latest two WIN2K updates. When I disable A/V and Firewall (see attached image), the updates install without a problem. How do I program the Fortigate to allow Windows Update to work properly (without disabling A/V)?
21 REPLIES 21
Not applicable

I have seen the same issue, and I believe it may have to do with WindowsUpdate and the extensive changes the latest MS04 updates contain within the actual patches. Looking forward to others responses.
skyhigh
New Contributor

to quote a previous post ... RE: Policy for Permitting Windows Update putting windowsupdate.com in the URL exemptlist has the same effect & is a lot easier
Fortinet Technical Support
Fortinet Technical Support
Not applicable

<<putting windowsupdate.com in the URL exemptlist has the same effect & is a lot easier >> I tried that first. Didn' t work with a couple of the WIN2K updates! Any other ideas?
Not applicable

I have had the same problems. Some machine just wont update, other update fine. Some take forever to update. Everything works like a champ if AV is turned off. Something I tried and worked well SO FAR: Make sure that you are not block .dll files in your file block list, also make sure you are not blocking VBScripts. I was blocking dll' s and when I disabled that file type block, it started working more smoothly. w3rD
Not applicable

OK. Here is my latest setup attempt to allow all WIN2K Updates, as per suggestions from this forum. I added microsoft.com and windowsupdate.com to the URL Exempt List. I unblocked both *.dll and *.vb? for HTTP and FTP. I did a fresh install of WIN2K on a new (blank) machine and went into the Windows Update. As before, all updates downloaded and installed (albeit, slowly) with the exception of the following error: " Update Failed Security Update for Windows 2000 (KB835732)" The problem seems to always effect that specific update. Every time. I then unchecked Anti-Virus & WebFilter, and the update took place flawlessly. Since I am rolling out seven Fortigate-60s to remote retail store locations to talk with my exisiting Foritgate-200 in the main office, I am concerned about the ability to " set-it-and-forget-it" in terms of the Anti-Virus & Web Filter function interfering with future updates! After all, this was one of the main features that influenced my decision to go with Fortinet. Is this an " intermittent" thing that I am going to have to live with and add to my list of management tasks, or is there something I am missing here that will fix this. Bruce (an admitted newbie)
Not applicable

Bruce, you have described some of the headaches I have had with the fortigate boxes. Some sites, some downloads simply will NOT work with any AV scanning turned on. This is regardless of whether they are in the URL exempt list or not. Fortigate is a young company, and they have a potentially great product on their hands, but their code is a little, no a lot buggy at this point. It is my understanding that they have delayed the release of 2.8 so they can do more rigorous testing to get all the bugs out. This is good news to me, I don' t care if they wait till next year, but the next release needs to be as bug free as possible. w3rD
Not applicable

I agree 101% with your last post Forrest ! May be a year for 2.8 is a little too long ?
Not applicable

Same Problem here and that' s really bad! But I am sure that Fortinet will solve this problem very soon because we have to be able to update the windows-machines. /Detlef
Not applicable

Take a breath... :) Be aware that because of MS Patch distribution to block Sasser there should be a lot of traffic to and from the Microsoft servers (and Windows Update). I found that my connection to windows Update global are too slow to do anything good. On other machine (localized Hebrew) it was enought to perform the update but not as fast a it is normaly. I guess the localized one don' t use the same MS servers...
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors