Endpoint Protection

Hello,

I am trying to determine how to open ports via the Firewall Policy that will allow for WSUS content to be pushed through. Currently, it seems that the SEP Firewall is blocking the WSUS content from getting through to the users, so I am trying to open the ports that are setup for WSUS.

Hello,

Are you running SEPM server and WSUS on the same server?

If yes, then check these Articles:

Windows Server Update Services (WSUS) no longer functions after installation of Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH102956

Symantec Endpoint Protection clients do not update definitions or signatures with Windows Server Update Services (WSUS) installed on the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH102866

WSUS (Windows Server Update Services) clients cannot install updates when Symantec Endpoint Protection is installed on the same Web site with WSUS

http://support.microsoft.com/kb/968248

Hope that helps!!

They are both on different servers. I did read that they both use the "Content" in IIS, but are on different ports..

They can talk to eachother (the servers), but they just cannot be deployed.

Hello,

In your case, I see no reason, Symantec should be blocking the ports.

However, What PORT is WSUS using? Is it using the Port 80 (default) or port 8530 an alternative port?

What software firewalls do you have on the servers and clients, if any at all? (Example: ISA) You didn't set up your GPO on the COMPUTERS group in active directory, did you?

Did you upgrade to Netframework 2.0 or later and MMC console 3.0?

Hope that helps!!

Because SEP is using port 80, I decided to allow WSUS to use port 8530 and 8531 (which are the ports that I want to open to see if it will allow the updates through)

All systems use SEP 11.x and the SEP firewall (no Windows Firewall enabled)

Netframework is at 4.0 on all systems.

GPO is set on the Workstations OU in AD

Prior to me working here, everything seemed to be working, but then we made changes, now we cannot send out Updates. I am trying to determine how to fix this issue.

Why I believe SEP is blocking the ports is because it is enabled on all systems (and servers), so if I can somehow make an exception for systems to allow this server/ports, it may possibly be the cause. 

Hello,

Since you have SEPM and WSUS on different server, you don't need to change the ports for WSUS on the server.

I would request you to change back the WSUS back to original one.

Hope that helps!!

I changed it back. It was set to 80 when I first started and it did not work even then. So something is causing this.

Hello,

I would request you to check these MS tech articles below:

http://technet.microsoft.com/en-us/library/cc708435(v=ws.10)

http://support.microsoft.com/kb/920659

http://technet.microsoft.com/en-us/magazine/gg153542.aspx

Incase, if the above does not help, I would suggest you to create a Ticket with Microsoft on this issue.

Hope that helps!!