F-Secure Server Security 14.00 can't update in DMZ

Aspirant

F-Secure Server Security 14.00 can't update in DMZ

Hello 

 

I have server in DMZ with internet connection without connection to my Policy Manager located outside DMZ. 

 

I updated FSS from 12.00 to 14.00 and I can't download update database from Internet. When I try to dwonload update i have status "waiting for connection" 

 

As I remember in 12.00 there was no problem and updates are downloaded automatically from internet. Due to secure reason I don't want to open ports on my firewall in dmz to connect Policy manager. 

 

FSS 14.0 is trying to connect Policy Manager and download updates from there?  

How can I update FSS14.0? 

 

Thanks

Pand

5 REPLIES 5
Aspirant

Re: F-Secure Server Security 14.00 can't update in DMZ

Logs is showing

Update check failed, error=210 (unable to resolve host)

Connection failed

Moderator

Re: F-Secure Server Security 14.00 can't update in DMZ

Hi Pand

 

The update server is different for 14 version, which could be the reason you are not receiving updates.

 

You need to ensure that the connectivity to our public update server (guts2.sp.f-secure.com) has been whitelisted in your environment, and check that GUTS2 fallback has been enabled.

 

Aspirant

Re: F-Secure Server Security 14.00 can't update in DMZ

Hi Jamesch, 

 

Thanks for your reply. 

 

I would like to inform that guts2.ap.f-secure.com is whitelisted in my environment. F-secure server still try to connect to my Policy Manager which is outside DMZ and blocked by firewall. I would like to avoid allow to connect from DMZ to enterprise network.

 

I need to install standalone f-secure security server 14.00 on my server located in DMZ but updates  be from internet. It current state it doesn't work.  

 

How I can force F-Secure Security Server to download database updates directly from f-secure servers? 

 

Below is screen from FSS14.00 and AUA logs.

 

image.png

 

Thanks, 

Pand

Moderator

Re: F-Secure Server Security 14.00 can't update in DMZ

Hi Pand

 

Have you checked your fallback settings ? If issue still persists, moving forward, we will investigate your case which you have submitted.

 

Capture.JPG

 

For standalone new installations, product will need at least 3 hours to download all the Ultralight component and the rest of the updates.

 

You do not need to restart the machine even reboot prompted, until all updates are installed (3+ hours required).


If you restart earlier, not all updates will be present, and the new up to 3+ hours round will be needed to complete the download after boot. And restart dialog will be shown again in 20 minutes.

 

Please only restart after all updates are installed (3+ hours required).

 

It will behave as below:
============================================================
1. First approach downloads ULU handler
2. Second approach downloads ulcore
3. Third approach downloads all the rest UL db updates
4. Each one happen after failover timeout which is 1 hour interval

============================================================

The behavior can be seen from AUA.log
2019-07-18 17:13:46.508 [0a2c.0cc0] I: Connecting to guts2.sp.f-secure.com
2019-07-18 17:13:46.819 [0a2c.0cc0] I: Downloaded 'F-Secure Ultralight Updater Update 2018-09-18_01' - 'ulupdater-win64' version '1537259154'
2019-07-18 17:13:46.819 [0a2c.0cc0] I: Update check completed successfully
2019-07-18 17:13:46.819 [0a2c.0ff0] I: Installation of 'F-Secure Ultralight Updater Update 2018-09-18_01' : Processing
2019-07-18 17:13:47.475 [0a2c.0ff0] I: Installation of 'F-Secure Ultralight Updater Update 2018-09-18_01' : Success
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Connecting to wait.pmp-selector.local
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Update check failed, error=210 (unable to resolve host)
2019-07-18 17:13:48.663 [0a2c.0cc0] I: Connecting to wait.pmp-selector.local

 

After it downloads the Ultralight handler, it will try to connect back to the Policy Manager Server. In this period, product still not protected since the rest of Ultralight component still not downloaded. It needs to wait another fallback for the 2nd approach and so on.

Aspirant

Re: F-Secure Server Security 14.00 can't update in DMZ

Hi, 

 

Many thanks for your support! 

 

Yesterday I noticed that after installation FSS 14.00 updates were completed after 2 hours. 

 

Problem with installation in DMZ is solved now :)  I wasn't aware about such long time. 

 

Best regards, 

Pand