RE: [FW1] Liveupdate.symantec.com issues

Mon, 26 Jun 2000 09:49:23 -0700 


We've had the same problem. Our solution was to use the administration tools
of the Norton Antivirus to create an internal download folder inside our
network. Once a week an administrator (with full access) downloads the virus
definitions update and all users connect to an internal server to update
their programs. This solution saves bandwidth because you only have one
download from the net. As far as I can remember it involves changing a
couple of DLLs on the clients to redirect liveupdate to the network instead
of the Internet.

Regards
Jorge Fernandes
CMVM
Lisbon, Portugal

-----Original Message-----
From: Bryan Porter [mailto:[EMAIL PROTECTED]]
Sent: Ter�a-feira, 20 de Junho de 2000 21:06
To: FireWall-1 Mailing List (E-mail)
Subject: [FW1] Liveupdate.symantec.com issues



I have a network administrator using Norton Corporate Anti-virus. This box
gets its updates from liveupdate.symantec.com or ftp.symantec.com. If I do
an nslookup query for these names I see that Symantec is round robining
these names between ten boxes and four boxes respectively. Since this update
service runs on an important server in our network I don't want to give it
open access through FTP and HTTP to the entire internet, so I opened up only
these fourteen boxes. The problem is Symantec will add or change IP's in
this round robin, then I have to revisit this rule, add the boxes. Symantec
has not made this easy for firewall admins.
Has anyone found a better way of doing this? I have considered putting an
entry in the host file of the server so that it only tries to access one box
for ftp.syamntec.com and one for liveupdate.syamntec.com. Am I missing
something, is there a better/easier way of doing this?

TIA 
Bryan


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to