On our Cisco FW, we have opened tcp 80/443 flow for the sites shown below. We found IP adresses doing DNS Lookup. Unfortunately it seems IPs ares different dependeing the time / date we perform DNS lookup. Result, we didn't open enough, Updates are KO.
What are the IP ranges we should open on our FW?
Any other solution?
Many thanks in advance for the help
Sites List
-------------
80 HTTP Out downloads.ironport.com Service updates, except for AsyncOS upgrades and McAfee definitions.
80 HTTP Out updates.ironport.com AsyncOS upgrades and McAfee Anti-Virus definitions.
443 TCP Out res.cisco.com Cisco Registered Envelope Service
443 TCP Out updates-static.ironport.com Verify the latest files for the update server.
443 TCP Out phonehome.senderbase.org Receive/Send Virus Outbreak
MAC