Myke 0 Posted June 28, 2007 Once again, I am having issues with the firewall policy in ISA 2004. I have Symantec AntiVirus Corportate Edition version 10.1 installed on all of our machines. One server is the primary server which acts as the parent server. The client was installed on the ISA server, but this had to be done manually, as the installation could not be completed via Remote Install in the SSC. The problem is this: the ISA server is not receiving the virus definition updates from the parent server as it should. I have been manually downloading those updates from the Symantec site (and yes, I am downloading the XDB file which is the correct file for the Corporate Edition). I have been working on this problem off and on for over a year now, but cannot seem to get the firewall policy on the ISA server to work properly (as before, this is also causing issues with Backup Exec 10). The parent server has no problem running LiveUpdate. All documentation that I have read does not provide solutions for working with ISA. Other Specifics: - TCP/UDP ports 2967 and 38293 are opened in the ISA firewall policy to allow traffic from the ISA to the parent server (have tried bidirectional as well) - ISA OS is Windows 2000 SP4 - All necessary updates/firmware have been installed - Parent server OS is Windows Server 2003 R2 - All other machines on network operating normally - ISA is the only firewall between parent server and ISA server As always, any help would be greatly appreciated. Thanks in advance! Share this post Link to post
DosFreak 2 Posted June 28, 2007 If you believe it's a firwall issue couldn't you open all ports to the between client and server and then log all network access between those 2 ip's? Share this post Link to post
Myke 0 Posted June 28, 2007 The problem with that is that the ISA server is our gateway. Opening up every port between the gateway and our mail server/DC could pose some interesting and rather evil results. I'm trying to avoid that approach. Now if the communication was only going from the parent to the ISA, then I do not believe it would be a problem. However, seeing as all documentation that I have read state that the connection must be going from the ISA to the parent server, that changes things up a bit. Share this post Link to post