Windows Update and Firewall (Velociraptor 1100)

Archived from groups: comp.security.firewalls (More info?)

Hi,
With all the worms and MS patches out there we have recently installed a
firewall by Symantec but we are trying to figure out how to allow the
Windows Update site to work. We thought that the redirected http service
would be enough to allow the update site to look for missing patches and
updates but it just doesn't seem to want to scan the PC. Does anyone know
what port it is supposed to scan on or rather the service that we need to
open up so that we can keep my 2000 server up to date?
6 answers Last reply
More about windows update firewall velociraptor 1100
  1. Archived from groups: comp.security.firewalls (More info?)

    Hi DaMaN, If your firewall is blocking Mobile code, Active X, Java,
    scripts, cookies, Ads, Windows Update won't work. In other words,
    allow everything you'd normally block, perhaps set your internet zone
    security to medium instead of high, and try again. Make sure your
    browser also allows all, too. Good luck. charlie R


    "DaMaN" <ottawapak@remove-me.icqmail.com> wrote in message
    news:c7tcug$4lk$1@nrc-news.nrc.ca...
    > Hi,
    > With all the worms and MS patches out there we have recently
    installed a
    > firewall by Symantec but we are trying to figure out how to allow
    the
    > Windows Update site to work. We thought that the redirected http
    service
    > would be enough to allow the update site to look for missing patches
    and
    > updates but it just doesn't seem to want to scan the PC. Does anyone
    know
    > what port it is supposed to scan on or rather the service that we
    need to
    > open up so that we can keep my 2000 server up to date?
    >
    >
  2. Archived from groups: comp.security.firewalls (More info?)

    charlie R schrieb:
    > Hi DaMaN, If your firewall is blocking Mobile code, Active X, Java,
    > scripts, cookies, Ads, Windows Update won't work. In other words,
    > allow everything you'd normally block, perhaps set your internet zone
    > security to medium instead of high, and try again. Make sure your
    > browser also allows all, too. Good luck. charlie R

    Yes, with all that, you might consider not enabling all that but instead
    subscribing to the Microsoft Security Bulletin List. You'll get an email
    whenever there is a new security update and you'll download it from the
    downloads page and install it yourself. That way you do not enable
    anything particular dangerous and you have full control of the updates
    installed.

    If you don't want to do that: the easiest way to figure out what the
    firewall blocks is to look into the protocol. Usually, anything
    important blocked should appear there...

    Gerald
  3. Archived from groups: comp.security.firewalls (More info?)

    DaMaN said in news:c7tcug$4lk$1@nrc-news.nrc.ca:
    > Hi,
    > With all the worms and MS patches out there we have recently
    > installed a firewall by Symantec but we are trying to figure out how
    > to allow the Windows Update site to work. We thought that the
    > redirected http service would be enough to allow the update site to
    > look for missing patches and updates but it just doesn't seem to want
    > to scan the PC. Does anyone know what port it is supposed to scan on
    > or rather the service that we need to open up so that we can keep my
    > 2000 server up to date?

    Right-click on the tray icon (or use the application shortcut to load
    it) to temporarily disable the firewall to see if it is indeed the cause
    of your problem. You only mention Symantec but not which firewall you
    use. I have their personal Norton Internet Security but I'm sure they
    have a corporate or enterprise version, too. The personal version will
    popup alerts when an application is trying to make an Internet
    connection. It should offer an auto-configure selection.

    It may not be your firewall. Could be the settings for your Internet
    security zone. So list the "*.windowsupdate.microsoft.com" site under
    the Trusted security zone. If you have MS Office, you probably should
    also add "officeupdate.microsoft.com" to your Trusted security zone.


    --
    ____________________________________________________________
    *** Post replies to newsgroup. Share with others.
    *** Email: domain = ".com" and append "=NEWS=" to Subject.
    ____________________________________________________________
  4. Archived from groups: comp.security.firewalls (More info?)

    This could be the only recourse as none of the changes to IE or trying to
    open a hole for a temporary access seemed towork. I may have to call
    Symantec to find out if they know the ports to open specifically.

    "Gerald Vogt" <vogt@spamcop.net> wrote in message
    news:aProc.246494$e17.156905@twister.nyroc.rr.com...
    > charlie R schrieb:
    > > Hi DaMaN, If your firewall is blocking Mobile code, Active X, Java,
    > > scripts, cookies, Ads, Windows Update won't work. In other words,
    > > allow everything you'd normally block, perhaps set your internet zone
    > > security to medium instead of high, and try again. Make sure your
    > > browser also allows all, too. Good luck. charlie R
    >
    > Yes, with all that, you might consider not enabling all that but instead
    > subscribing to the Microsoft Security Bulletin List. You'll get an email
    > whenever there is a new security update and you'll download it from the
    > downloads page and install it yourself. That way you do not enable
    > anything particular dangerous and you have full control of the updates
    > installed.
    >
    > If you don't want to do that: the easiest way to figure out what the
    > firewall blocks is to look into the protocol. Usually, anything
    > important blocked should appear there...
    >
    > Gerald
  5. Archived from groups: comp.security.firewalls (More info?)

    I guess I wasn't clear in my message but this is an enterprise solution. The
    Velociraptor 1100 is a firewall appliance that is sitting in front of the
    webserver and we are using the NAT to hide behind it. However, we do have
    the webserver allowing traffic in and out so people can see the website but
    the issue I have is https:// or rather the windowsupdate.microsoft.com comes
    back with 0x800c0005 error on its site when I try to scan for updates. Must
    have something to do with it comparing its cookies and and stuff.
    Not sure.

    "*Vanguard*" <no-email@reply-to-newsgroup.invalid> wrote in message
    news:i-ednToVCYsZAT_dRVn-uw@comcast.com...
    > DaMaN said in news:c7tcug$4lk$1@nrc-news.nrc.ca:
    > > Hi,
    > > With all the worms and MS patches out there we have recently
    > > installed a firewall by Symantec but we are trying to figure out how
    > > to allow the Windows Update site to work. We thought that the
    > > redirected http service would be enough to allow the update site to
    > > look for missing patches and updates but it just doesn't seem to want
    > > to scan the PC. Does anyone know what port it is supposed to scan on
    > > or rather the service that we need to open up so that we can keep my
    > > 2000 server up to date?
    >
    > Right-click on the tray icon (or use the application shortcut to load
    > it) to temporarily disable the firewall to see if it is indeed the cause
    > of your problem. You only mention Symantec but not which firewall you
    > use. I have their personal Norton Internet Security but I'm sure they
    > have a corporate or enterprise version, too. The personal version will
    > popup alerts when an application is trying to make an Internet
    > connection. It should offer an auto-configure selection.
    >
    > It may not be your firewall. Could be the settings for your Internet
    > security zone. So list the "*.windowsupdate.microsoft.com" site under
    > the Trusted security zone. If you have MS Office, you probably should
    > also add "officeupdate.microsoft.com" to your Trusted security zone.
    >
    >
    > --
    > ____________________________________________________________
    > *** Post replies to newsgroup. Share with others.
    > *** Email: domain = ".com" and append "=NEWS=" to Subject.
    > ____________________________________________________________
    >
    >
  6. Archived from groups: comp.security.firewalls (More info?)

    The first time one uses WUpdate on a box, it is required that an
    ActiveX Control is downloaded to use the service. Have you checked
    the status of that ActiveX Control? Perhaps it was never downloaded?
    Is it by any chance corrupted?

    Brad


    On Thu, 13 May 2004 12:30:09 -0400, "DaMaN"
    <ottawapak@remove-me.icqmail.com> wrote:

    >I guess I wasn't clear in my message but this is an enterprise solution. The
    >Velociraptor 1100 is a firewall appliance that is sitting in front of the
    >webserver and we are using the NAT to hide behind it. However, we do have
    >the webserver allowing traffic in and out so people can see the website but
    >the issue I have is https:// or rather the windowsupdate.microsoft.com comes
    >back with 0x800c0005 error on its site when I try to scan for updates. Must
    >have something to do with it comparing its cookies and and stuff.
    >Not sure.
    >
    >"*Vanguard*" <no-email@reply-to-newsgroup.invalid> wrote in message
    >news:i-ednToVCYsZAT_dRVn-uw@comcast.com...
    >> DaMaN said in news:c7tcug$4lk$1@nrc-news.nrc.ca:
    >> > Hi,
    >> > With all the worms and MS patches out there we have recently
    >> > installed a firewall by Symantec but we are trying to figure out how
    >> > to allow the Windows Update site to work. We thought that the
    >> > redirected http service would be enough to allow the update site to
    >> > look for missing patches and updates but it just doesn't seem to want
    >> > to scan the PC. Does anyone know what port it is supposed to scan on
    >> > or rather the service that we need to open up so that we can keep my
    >> > 2000 server up to date?
    >>
    >> Right-click on the tray icon (or use the application shortcut to load
    >> it) to temporarily disable the firewall to see if it is indeed the cause
    >> of your problem. You only mention Symantec but not which firewall you
    >> use. I have their personal Norton Internet Security but I'm sure they
    >> have a corporate or enterprise version, too. The personal version will
    >> popup alerts when an application is trying to make an Internet
    >> connection. It should offer an auto-configure selection.
    >>
    >> It may not be your firewall. Could be the settings for your Internet
    >> security zone. So list the "*.windowsupdate.microsoft.com" site under
    >> the Trusted security zone. If you have MS Office, you probably should
    >> also add "officeupdate.microsoft.com" to your Trusted security zone.
    >>
    >>
    >> --
    >> ____________________________________________________________
    >> *** Post replies to newsgroup. Share with others.
    >> *** Email: domain = ".com" and append "=NEWS=" to Subject.
    >> ____________________________________________________________
    >>
    >>
    >
Ask a new question

Read More

Firewalls Velociraptor Windows Update Networking