IP addresses for LiveUpdate for Cisco firewall

Norton Security | Norton Internet Security
1

We are setting up Norton AV for a client and we want to secure the PC from the internet. Since we have to allow ports 80, 21 and 443 access for updates we would like to restrict it to the LiveUpdate servers. I have the following list of servers that LiveUpdate uses: HTTP: symantec.com, symantecliveupdate.com, akamai.net FTP: speedera.net. However we need to use an IP address in the Cisco configuration rather than a host name. Do these hosts always resolve to the same IP address, or do they use some sort of distributed system of addresses? Has anyone else had this problem and found a workable solution?

2

We are setting up Norton AV for a client and we want to secure the PC from the internet. Since we have to allow ports 80, 21 and 443 access for updates we would like to restrict it to the LiveUpdate servers. I have the following list of servers that LiveUpdate uses: HTTP: symantec.com, symantecliveupdate.com, akamai.net FTP: speedera.net. However we need to use an IP address in the Cisco configuration rather than a host name. Do these hosts always resolve to the same IP address, or do they use some sort of distributed system of addresses? Has anyone else had this problem and found a workable solution?

3

Welcome to the community!


I'm not really experienced with Cisco and Sonic Firewall. But trying to resolve IP address for a domain as big as akamai is a difficult to impossible task. I'm sure for security reasons you won't find the list of IPs getting disclosed here as well (I'm assuming, but you may be lucky).


However, do these firewalls have something like a program control. That way, you can configure the program control to allow NAV to access the network, without being able to specify the ports and IP addresses. Cisco's and Sonic's forum will be an equally good option to seek help for doing this.

 

-MbR

4

Thanks for the info.  I believe SonicWall charges for a subscription to have program based filtering.  Since that subscription includes other things like anti virus then it renders Norton redundant.  Maybe those who have firewalls like this stop using Norton for this reason?  As our office workstations need only access a couple of WAN sites we use the SonicWall to restrict all other traffic and then had planned to keep the Norton subscription that everyone was used to.  Another Norton support person called me but after understanding the issue (they all want to say AntiVirus has no firewall so why do you have a problem) he said we will call you back in 24 hours.  That was 26 hours ago so I am still hopefull.