I have a network administrator using Norton Corporate Anti-virus. This box
gets its updates from liveupdate.symantec.com or ftp.symantec.com. If I do
an nslookup query for these names I see that Symantec is round robining
these names between ten boxes and four boxes respectively. Since this update
service runs on an important server in our network I don't want to give it
open access through FTP and HTTP to the entire internet, so I opened up only
these fourteen boxes. The problem is Symantec will add or change IPs in
this round robin, and then I have to revisit this rule and add the boxes.
Symantec has not made this easy for firewall admins.
Has anyone found a better way of doing this? I have considered putting an
entry in the host file of the server so that it only tries to access one box
for ftp.symantec.com and one for liveupdate.symantec.com. Am I missing
something? Is there a better/easier way of doing this?

TIA 
Bryan
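
Added example, not part of the original post: a small check that compares a firewall allow-list with what the two update names resolve to at the moment, so a change in the round robin is noticed before updates start failing. The allow-list addresses are constructed placeholders from the documentation range, and the function names are hypothetical.

```python
import ipaddress
import socket

HOSTS = ["liveupdate.symantec.com", "ftp.symantec.com"]  # names from the post
# Constructed placeholder allow-list (documentation range), not Symantec's real IPs.
ALLOWED = {"192.0.2.10", "192.0.2.11", "192.0.2.20"}


def resolve_ipv4(name, resolver=socket.getaddrinfo):
    """Return the set of IPv4 addresses one lookup of `name` yields."""
    infos = resolver(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def rule_drift(allowed, hosts, resolver=socket.getaddrinfo):
    """Compare the firewall allow-list with what DNS answers right now."""
    seen, failed = set(), []
    for name in hosts:
        try:
            seen |= resolve_ipv4(name, resolver)
        except socket.gaierror:
            failed.append(name)  # a lookup failure is not evidence of removal
    order = lambda ips: sorted(ips, key=ipaddress.ip_address)
    return {
        # Resolved but not permitted: the rule needs these added.
        "missing": order(seen - set(allowed)),
        # Permitted but not returned by this lookup: candidates for removal
        # only. Suppressed when any lookup failed, since the view is partial.
        "not_seen": order(set(allowed) - seen) if not failed else [],
        "failed": failed,
    }


if __name__ == "__main__":
    report = rule_drift(ALLOWED, HOSTS)
    for key, values in report.items():
        print(f"{key}: {', '.join(values) or '-'}")
    # Non-zero exit lets a scheduled job raise an alert on drift.
    raise SystemExit(1 if report["missing"] or report["failed"] else 0)
```

A single query may return only part of the rotation, so treat "not_seen" as stale only after it persists across several runs.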


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
