Endpoint Protection

 View Only
Expand all | Collapse all

How do you whitelist symantec liveupdate ip in your firewall

  • 1.  How do you whitelist symantec liveupdate ip in your firewall

    Posted Mar 11, 2015 06:30 AM

    How do I whitelist liveupdate in our firewall. I have seen from this post http://www.symantec.com/connect/forums/liveupdate-behind-firewall that Symantec does not provide a list of IP addresses for the LiveUpdate. But suggest to whitelist. Is the FQDN always going to be correct and is it liveupdate.symantecliveupdate.com  In our firewall logs we had a FTP connection from  77.67.22.169 and file livetri.zip

    The ip does not have a reverse lookup name but liveupdate.symantecliveupdate.com has ip 83.148.190.96 and ping -a 83.148.190.96 gives cache.akamai.com

    Did 77.67.22.169 have a short lived rDNS and DNS?

     

     



  • 2.  RE: How do you whitelist symantec liveupdate ip in your firewall

    Posted Mar 11, 2015 01:40 PM

    you need to allow below ports on firewall.

    • LiveUpdate connects over TCP ports 80 (HTTP), 21 (FTP) and 443 (HTTPS).
    • The file that connects to the Internet is LuComServer_*_*.exe in LiveUpdate 2.5 and later and Lucomserver.exe in LiveUpdate 2.0 and earlier.
    • The default folder for this file is C:\Program Files\Symantec\LiveUpdate.
    • LiveUpdate connects via HTTP to the domains liveupdate.symantecliveupdate.comliveupdate.symantec.com, and akamai.net.
    • If a connection fails, LiveUpdate tries to connect to one of the other listed domains. The listed domains may change because of server maintenance.
    • If LiveUpdate cannot make an HTTP connection, LiveUpdate connects via FTP to update.symantec.com/opt/content/onramp.

    Note: Symantec does not supply IP addresses for Symantec LiveUpdate servers. The server addresses are not static and, consequently, routing directly to an IP address may cause LiveUpdate to fail.

    Reference: http://www.symantec.com/docs/TECH139451



  • 3.  RE: How do you whitelist symantec liveupdate ip in your firewall

    Posted Mar 11, 2015 02:01 PM

    Whitelist liveupdate.symantecliveupdate.com, liveupdate.symantec.com, and akamai.net.



  • 4.  RE: How do you whitelist symantec liveupdate ip in your firewall

    Posted Mar 12, 2015 04:22 AM

    Thanks for listing the domains Liveupdate connects to, but liveupdate also appears to connect to an ip without associated DNS names, can anyone confirm this? If am seeing our firewall blocking FTP sessions to liveupdate because it does not like the contents of the uploaded file, does it suggest that the HTTP session to liveupdate did not occur (maybe also blocked) as the order of connections is HTTP first then FTP second. Should I follow up why HTTP is not working?

     

     

     



  • 5.  RE: How do you whitelist symantec liveupdate ip in your firewall
    Best Answer

    Posted Mar 12, 2015 04:26 AM

    Symantec does not supply IP addresses for Symantec LiveUpdate servers. The server addresses are not static and, consequently, routing directly to an IP address may cause LiveUpdate to fail.

    see also below

    <IdsHttpConnectionMsg2><liveupdate.symantecliveupdate.com><80><HTTP>

    if that fails it goes to FTP on port 21
    <IdsFtpConnectionAttempt><update.symantec.com>

    URLs

    hosts/0/url=http://liveupdate.symantecliveupdate.com:80
    hosts/1/url=http://liveupdate.symantec.com:80
    hosts/2/url=ftp://update.symantec.com/opt/content/onramp

    http://liveupdate.symantecliveupdate.com

    http://liveupdate.symantec.com

    ftp://update.symantec.com/opt/content/onramp



  • 6.  RE: How do you whitelist symantec liveupdate ip in your firewall

    Posted Mar 12, 2015 05:05 AM

    Thanks. it looks to me like the HTTP is not working as it getting to the FTP stage.  FYI I was not trying to route to ip directly. Also we would have to disable the firewall antivirus by setting up a firewall rule specifically that matches the domain and FTP.



  • 7.  RE: How do you **** symantec liveupdate ip in your firewall

    Broadcom Employee
    Posted May 29, 2023 06:31 AM
    Edited by WAAM May 29, 2023 06:31 AM

    URLs to **** can be found here :

    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Getting-Started/urls-to-****-for-v129099891-d4155e9710.html

    Symantec LiveUpdate servers
    Used for SEP to connect to for definition engine and content updates.
    https://liveupdate.symantec.com
    https://liveupdate.symantecliveupdate.com
    If you use a proxy server and default LiveUpdate servers on SEPM, allow the following URLs with port 80 (no longer required in 14.3 RU1):
    http://liveupdate.symantec.com
    http://liveupdate.symantecliveupdate.com
    443



    ------------------------------
    Wahid Amer
    Strategic Support Engineer | Symantec Enterprise Division
    Broadcom
    ------------------------------



  • 8.  RE: How do you **** symantec liveupdate ip in your firewall

    Posted Oct 10, 2023 09:16 AM

    WAAM, your link is failing to 404 page not found.  Can you provide current link for ?
    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Getting-Started/urls-to-****-for-v129099891-d4155e9710.html