Welcome to ISAserver.org

DMZ server updating anti-virus woes

DMZ server updating anti-virus woes - 24.Feb.2010 3:22:48 PM   
chunk

 

Posts: 7
Joined: 18.Feb.2008
From: UK
Status: offline
Hi All,

Having a problem that has been bending my head for a long while now and hoping that somebody may be able to point me in the right direction/show me the error of my ways.

ISA 2006 on W2k3, Three Leg template used, Private address DMZ segment.

DMZ > Internal = Route
DMZ > External = NAT

I have a server in the DMZ that is not a Domain member (192.168.100.20) and has a standalone of our Anti-Virus installed. I'm having a real fun time trying to get the AV to update definitions for the web. Checked with our AV provider (Sophos) and I need to be able to resolve their domain name (they use Akamai servers to host their updates so can be no more specific, in the settings of the AV the update location is just referenced as 'Sophos') and I need 80 out from the DMZ as the update requests are plain http.

So I have published my internal DNS server (192.168.1.8) (uses forwarders to resolve internet DNS) listening on the DMZ and I have created an access rule to allow http from the DMZ server to both a sophos.com domain set and *.sophos.com URL set. The DNS for the DMZ server points to my Internal DNS. Both DMZ and Internal DNS servers are configured as SNAT. The DMZ server never successfully updates the AV and from the logs I see the following:

192.168.100.20 DMZ Server queries Internal DNS 192.168.1.8 using created publishing rule, then 192.168.100.20 DMZ Server tries to connect to IP Address (which resolves to Akamai servers) on 80 HTTP and results in Denied Connection

From the log files the Result Code is 0xc0040012 FWX_E_NETWORK_RULES_DENIED

I have a Server on the Internal Network that successfully updates from Sophos with just an HTTP access rule using the same URL/Domain sets so I know they are good. What am I doing wrong? Hopefully somebody will point out a glaring omission/misconfiguration on my part.

Thanks in advance for your wisdom

Chunk
Post #: 1
RE: DMZ server updating anti-virus woes - 13.Apr.2010 11:08:32 AM   
chunk

 

Posts: 7
Joined: 18.Feb.2008
From: UK
Status: offline
OK, so it's pretty quiet round here.....

Anyway, finally figured it out and pretty lame on my behalf really.

Enabled Web Proxy on the DMZ Network object, put the IP of the DMZ NIC in the 'access using proxy' settings of Sophos, voila!


(in reply to chunk)
Post #: 2
