Sign in with
Sign up | Sign in
Your question

Windows Update and Firewall (Velociraptor 1100)

Last response: in Networking
Share
Anonymous
May 12, 2004 2:39:12 PM

Archived from groups: comp.security.firewalls (More info?)

Hi,
With all the worms and MS patches out there we have recently installed a
firewall by Symantec but we are trying to figure out how to allow the
Windows Update site to work. We thought that the redirected http service
would be enough to allow the update site to look for missing patches and
updates but it just doesn't seem to want to scan the PC. Does anyone know
what port it is supposed to scan on or rather the service that we need to
open up so that we can keep my 2000 server up to date?
Anonymous
May 12, 2004 2:39:13 PM

Archived from groups: comp.security.firewalls (More info?)

Hi DaMaN, If your firewall is blocking Mobile code, Active X, Java,
scripts, cookies, Ads, Windows Update won't work. In other words,
allow everything you'd normally block, perhaps set your internet zone
security to medium instead of high, and try again. Make sure your
browser also allows all, too. Good luck. charlie R


"DaMaN" <ottawapak@remove-me.icqmail.com> wrote in message
news:c7tcug$4lk$1@nrc-news.nrc.ca...
> Hi,
> With all the worms and MS patches out there we have recently
installed a
> firewall by Symantec but we are trying to figure out how to allow
the
> Windows Update site to work. We thought that the redirected http
service
> would be enough to allow the update site to look for missing patches
and
> updates but it just doesn't seem to want to scan the PC. Does anyone
know
> what port it is supposed to scan on or rather the service that we
need to
> open up so that we can keep my 2000 server up to date?
>
>
Anonymous
May 12, 2004 7:56:54 PM

Archived from groups: comp.security.firewalls (More info?)

charlie R schrieb:
> Hi DaMaN, If your firewall is blocking Mobile code, Active X, Java,
> scripts, cookies, Ads, Windows Update won't work. In other words,
> allow everything you'd normally block, perhaps set your internet zone
> security to medium instead of high, and try again. Make sure your
> browser also allows all, too. Good luck. charlie R

Yes, with all that, you might consider not enabling all that but instead
subscribing to the Microsoft Security Bulletin List. You'll get an email
whenever there is a new security update and you'll download it from the
downloads page and install it yourself. That way you do not enable
anything particular dangerous and you have full control of the updates
installed.

If you don't want to do that: the easiest way to figure out what the
firewall blocks is to look into the protocol. Usually, anything
important blocked should appear there...

Gerald
Related resources
Anonymous
May 12, 2004 8:52:03 PM

Archived from groups: comp.security.firewalls (More info?)

DaMaN said in news:c7tcug$4lk$1@nrc-news.nrc.ca:
> Hi,
> With all the worms and MS patches out there we have recently
> installed a firewall by Symantec but we are trying to figure out how
> to allow the Windows Update site to work. We thought that the
> redirected http service would be enough to allow the update site to
> look for missing patches and updates but it just doesn't seem to want
> to scan the PC. Does anyone know what port it is supposed to scan on
> or rather the service that we need to open up so that we can keep my
> 2000 server up to date?

Right-click on the tray icon (or use the application shortcut to load
it) to temporarily disable the firewall to see if it is indeed the cause
of your problem. You only mention Symantec but not which firewall you
use. I have their personal Norton Internet Security but I'm sure they
have a corporate or enterprise version, too. The personal version will
popup alerts when an application is trying to make an Internet
connection. It should offer an auto-configure selection.

It may not be your firewall. Could be the settings for your Internet
security zone. So list the "*.windowsupdate.microsoft.com" site under
the Trusted security zone. If you have MS Office, you probably should
also add "officeupdate.microsoft.com" to your Trusted security zone.


--
____________________________________________________________
*** Post replies to newsgroup. Share with others.
*** Email: domain = ".com" and append "=NEWS=" to Subject.
____________________________________________________________
Anonymous
May 13, 2004 4:27:22 PM

Archived from groups: comp.security.firewalls (More info?)

This could be the only recourse as none of the changes to IE or trying to
open a hole for a temporary access seemed towork. I may have to call
Symantec to find out if they know the ports to open specifically.

"Gerald Vogt" <vogt@spamcop.net> wrote in message
news:aProc.246494$e17.156905@twister.nyroc.rr.com...
> charlie R schrieb:
> > Hi DaMaN, If your firewall is blocking Mobile code, Active X, Java,
> > scripts, cookies, Ads, Windows Update won't work. In other words,
> > allow everything you'd normally block, perhaps set your internet zone
> > security to medium instead of high, and try again. Make sure your
> > browser also allows all, too. Good luck. charlie R
>
> Yes, with all that, you might consider not enabling all that but instead
> subscribing to the Microsoft Security Bulletin List. You'll get an email
> whenever there is a new security update and you'll download it from the
> downloads page and install it yourself. That way you do not enable
> anything particular dangerous and you have full control of the updates
> installed.
>
> If you don't want to do that: the easiest way to figure out what the
> firewall blocks is to look into the protocol. Usually, anything
> important blocked should appear there...
>
> Gerald
Anonymous
May 13, 2004 4:30:09 PM

Archived from groups: comp.security.firewalls (More info?)

I guess I wasn't clear in my message but this is an enterprise solution. The
Velociraptor 1100 is a firewall appliance that is sitting in front of the
webserver and we are using the NAT to hide behind it. However, we do have
the webserver allowing traffic in and out so people can see the website but
the issue I have is https:// or rather the windowsupdate.microsoft.com comes
back with 0x800c0005 error on its site when I try to scan for updates. Must
have something to do with it comparing its cookies and and stuff.
Not sure.

"*Vanguard*" <no-email@reply-to-newsgroup.invalid> wrote in message
news:i-ednToVCYsZAT_dRVn-uw@comcast.com...
> DaMaN said in news:c7tcug$4lk$1@nrc-news.nrc.ca:
> > Hi,
> > With all the worms and MS patches out there we have recently
> > installed a firewall by Symantec but we are trying to figure out how
> > to allow the Windows Update site to work. We thought that the
> > redirected http service would be enough to allow the update site to
> > look for missing patches and updates but it just doesn't seem to want
> > to scan the PC. Does anyone know what port it is supposed to scan on
> > or rather the service that we need to open up so that we can keep my
> > 2000 server up to date?
>
> Right-click on the tray icon (or use the application shortcut to load
> it) to temporarily disable the firewall to see if it is indeed the cause
> of your problem. You only mention Symantec but not which firewall you
> use. I have their personal Norton Internet Security but I'm sure they
> have a corporate or enterprise version, too. The personal version will
> popup alerts when an application is trying to make an Internet
> connection. It should offer an auto-configure selection.
>
> It may not be your firewall. Could be the settings for your Internet
> security zone. So list the "*.windowsupdate.microsoft.com" site under
> the Trusted security zone. If you have MS Office, you probably should
> also add "officeupdate.microsoft.com" to your Trusted security zone.
>
>
> --
> ____________________________________________________________
> *** Post replies to newsgroup. Share with others.
> *** Email: domain = ".com" and append "=NEWS=" to Subject.
> ____________________________________________________________
>
>
Anonymous
May 24, 2004 9:57:09 PM

Archived from groups: comp.security.firewalls (More info?)

The first time one uses WUpdate on a box, it is required that an
ActiveX Control is downloaded to use the service. Have you checked
the status of that ActiveX Control? Perhaps it was never downloaded?
Is it by any chance corrupted?

Brad


On Thu, 13 May 2004 12:30:09 -0400, "DaMaN"
<ottawapak@remove-me.icqmail.com> wrote:

>I guess I wasn't clear in my message but this is an enterprise solution. The
>Velociraptor 1100 is a firewall appliance that is sitting in front of the
>webserver and we are using the NAT to hide behind it. However, we do have
>the webserver allowing traffic in and out so people can see the website but
>the issue I have is https:// or rather the windowsupdate.microsoft.com comes
>back with 0x800c0005 error on its site when I try to scan for updates. Must
>have something to do with it comparing its cookies and and stuff.
>Not sure.
>
>"*Vanguard*" <no-email@reply-to-newsgroup.invalid> wrote in message
>news:i-ednToVCYsZAT_dRVn-uw@comcast.com...
>> DaMaN said in news:c7tcug$4lk$1@nrc-news.nrc.ca:
>> > Hi,
>> > With all the worms and MS patches out there we have recently
>> > installed a firewall by Symantec but we are trying to figure out how
>> > to allow the Windows Update site to work. We thought that the
>> > redirected http service would be enough to allow the update site to
>> > look for missing patches and updates but it just doesn't seem to want
>> > to scan the PC. Does anyone know what port it is supposed to scan on
>> > or rather the service that we need to open up so that we can keep my
>> > 2000 server up to date?
>>
>> Right-click on the tray icon (or use the application shortcut to load
>> it) to temporarily disable the firewall to see if it is indeed the cause
>> of your problem. You only mention Symantec but not which firewall you
>> use. I have their personal Norton Internet Security but I'm sure they
>> have a corporate or enterprise version, too. The personal version will
>> popup alerts when an application is trying to make an Internet
>> connection. It should offer an auto-configure selection.
>>
>> It may not be your firewall. Could be the settings for your Internet
>> security zone. So list the "*.windowsupdate.microsoft.com" site under
>> the Trusted security zone. If you have MS Office, you probably should
>> also add "officeupdate.microsoft.com" to your Trusted security zone.
>>
>>
>> --
>> ____________________________________________________________
>> *** Post replies to newsgroup. Share with others.
>> *** Email: domain = ".com" and append "=NEWS=" to Subject.
>> ____________________________________________________________
>>
>>
>
!