F-Secure Server Security 14.00 can't update in DMZ
Hello
I have server in DMZ with internet connection without connection to my Policy Manager located outside DMZ.
I updated FSS from 12.00 to 14.00 and I can't download update database from Internet. When I try to dwonload update i have status "waiting for connection"
As I remember in 12.00 there was no problem and updates are downloaded automatically from internet. Due to secure reason I don't want to open ports on my firewall in dmz to connect Policy manager.
FSS 14.0 is trying to connect Policy Manager and download updates from there?
How can I update FSS14.0?
Thanks
Pand
Comments
-
Logs is showing
Update check failed, error=210 (unable to resolve host)
Connection failed
0 -
Hi Pand
The update server is different for 14 version, which could be the reason you are not receiving updates.
You need to ensure that the connectivity to our public update server (guts2.sp.f-secure.com) has been whitelisted in your environment, and check that GUTS2 fallback has been enabled.
0 -
Hi Jamesch,
Thanks for your reply.
I would like to inform that guts2.ap.f-secure.com is whitelisted in my environment. F-secure server still try to connect to my Policy Manager which is outside DMZ and blocked by firewall. I would like to avoid allow to connect from DMZ to enterprise network.
I need to install standalone f-secure security server 14.00 on my server located in DMZ but updates be from internet. It current state it doesn't work.
How I can force F-Secure Security Server to download database updates directly from f-secure servers?
Below is screen from FSS14.00 and AUA logs.
Thanks,
Pand
0 -
Hi Pand
Have you checked your fallback settings ? If issue still persists, moving forward, we will investigate your case which you have submitted.
For standalone new installations, product will need at least 3 hours to download all the Ultralight component and the rest of the updates.
You do not need to restart the machine even reboot prompted, until all updates are installed (3+ hours required).
If you restart earlier, not all updates will be present, and the new up to 3+ hours round will be needed to complete the download after boot. And restart dialog will be shown again in 20 minutes.Please only restart after all updates are installed (3+ hours required).
It will behave as below:
============================================================
1. First approach downloads ULU handler
2. Second approach downloads ulcore
3. Third approach downloads all the rest UL db updates
4. Each one happen after failover timeout which is 1 hour interval============================================================
The behavior can be seen from AUA.log
2019-07-18 17:13:46.508 [0a2c.0cc0] I: Connecting to guts2.sp.f-secure.com
2019-07-18 17:13:46.819 [0a2c.0cc0] I: Downloaded 'F-Secure Ultralight Updater Update 2018-09-18_01' - 'ulupdater-win64' version '1537259154'
2019-07-18 17:13:46.819 [0a2c.0cc0] I: Update check completed successfully
2019-07-18 17:13:46.819 [0a2c.0ff0] I: Installation of 'F-Secure Ultralight Updater Update 2018-09-18_01' : Processing
2019-07-18 17:13:47.475 [0a2c.0ff0] I: Installation of 'F-Secure Ultralight Updater Update 2018-09-18_01' : Success
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Connecting to wait.pmp-selector.local
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Update check failed, error=210 (unable to resolve host)
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Connecting to wait.pmp-selector.localAfter it downloads the Ultralight handler, it will try to connect back to the Policy Manager Server. In this period, product still not protected since the rest of Ultralight component still not downloaded. It needs to wait another fallback for the 2nd approach and so on.
2 -
Hi,
Many thanks for your support!
Yesterday I noticed that after installation FSS 14.00 updates were completed after 2 hours.
Problem with installation in DMZ is solved now
I wasn't aware about such long time. Best regards,
Pand
1
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 1 Get Support