Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20124
Views
0
Helpful
7
Replies

The updater has been unable to communicate with the update server for at least 1h.

Go to solution
jokkmeister
Level 1
Level 1

‎04-03-2013 12:25 AM

I have been getting these warnings for both my C-370's every hour since 16.37 EST April 1st. Before that it has happened now and then but always kicked in again.

Network department claims they haven't done anything. Anyone know if Cisco has problems or what else might be causing this? Everyhitng else works but for the anti-spam and sophos updates it seems.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Owens
Level 1
Level 1

‎04-03-2013 06:32 AM

We had the same problem - please check and update your firewall settings to the following information from Cisco:

 

Cisco is releasing new improvements to our Security Intelligence Operations infrastructure that will enable greater scalability and efficacy to all of your Cisco security products.  As part of this effort, there is a scheduled change to the IPv4 addresses for two hosts used in retrieving reputation updates from Cisco.com for Cisco Web, Email, and IPS appliances, as well as for the CX and Botnet Traffic Filter capabilities of the ASA. 

By default, Cisco security technologies use DNS to locate the appropriate update servers.  However, some environments may have configured static IP addresses in their access control.  If you have configured IP-based access control to permit outbound connections for updates from Cisco, you will need to modify your rules to support the new IP addresses.

Changes will be implemented between February 21, 2013 and March 30, 2013.

If the following IP addresses have been added to your access control policy:

update-manifests.ironport.com: 204.15.82.17 on port 443

updates-static.ironport.com: 204.15.82.16 on port 80

Please add the following IP addresses to your access control policy by February 21, 2013:

update-manifests.ironport.com 208.90.58.5 on port 443

updates-static.ironport.com 208.90.58.25 on port 80

Another note confirm this setting also:

downloads-statis.ironport.com: 204.15.82.8

The original IPs addresses will be deprecated by April 30, 2013.  If you do not modify necessary access controls, your Cisco security technologies will not be able to receive reputation updates.

Should you have any questions, please contact your local Cisco Support Team.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
David Owens
Level 1
Level 1

‎04-03-2013 06:32 AM

We had the same problem - please check and update your firewall settings to the following information from Cisco:

 

Cisco is releasing new improvements to our Security Intelligence Operations infrastructure that will enable greater scalability and efficacy to all of your Cisco security products.  As part of this effort, there is a scheduled change to the IPv4 addresses for two hosts used in retrieving reputation updates from Cisco.com for Cisco Web, Email, and IPS appliances, as well as for the CX and Botnet Traffic Filter capabilities of the ASA. 

By default, Cisco security technologies use DNS to locate the appropriate update servers.  However, some environments may have configured static IP addresses in their access control.  If you have configured IP-based access control to permit outbound connections for updates from Cisco, you will need to modify your rules to support the new IP addresses.

Changes will be implemented between February 21, 2013 and March 30, 2013.

If the following IP addresses have been added to your access control policy:

update-manifests.ironport.com: 204.15.82.17 on port 443

updates-static.ironport.com: 204.15.82.16 on port 80

Please add the following IP addresses to your access control policy by February 21, 2013:

update-manifests.ironport.com 208.90.58.5 on port 443

updates-static.ironport.com 208.90.58.25 on port 80

Another note confirm this setting also:

downloads-statis.ironport.com: 204.15.82.8

The original IPs addresses will be deprecated by April 30, 2013.  If you do not modify necessary access controls, your Cisco security technologies will not be able to receive reputation updates.

Should you have any questions, please contact your local Cisco Support Team.

0 Helpful

Go to solution
Joe Silver
Level 1
Level 1
In response to David Owens

‎04-05-2013 05:49 AM

I've been receiving emails with the exact same error several times a week.  When I check my firewall syslogs I'm seeing SYN Timeout" errors when attempting to make a connection to the new IP (208.90.58.5).  Anyone else seeing these issues?

Note: I'm using the Ironport Update Servers setting in WSA.

Joe

0 Helpful

Go to solution
Greg Hopp
Level 1
Level 1
In response to Joe Silver

‎04-05-2013 06:21 AM

Joe,

Just this morning I started getting the same emails. I have never seen them before so I'm thinking you're on to something here.


Greg

0 Helpful

Go to solution
Joe Silver
Level 1
Level 1
In response to Greg Hopp

‎04-05-2013 06:35 AM

I checked the update log files on the WSA and also getting the errors below indicating that the WSA can't connect to the update server. 

Fri Apr  5 07:29:39 2013 Info: Starting scheduled update

Fri Apr  5 07:30:39 2013 Info: Failed to acquire the server manifest

Fri Apr  5 07:32:39 2013 Info: Failed to acquire the server manifest

Fri Apr  5 07:34:39 2013 Info: Failed to acquire the server manifest

Fri Apr  5 07:34:39 2013 Info: Scheduled next update to occur at Fri Apr  5 08:34:39 2013

0 Helpful

Go to solution
Prab
Level 1
Level 1
In response to David Owens

‎03-23-2017 08:53 AM

Just wanted to add that there is a slight typo in the URL mentioned above.

downloads-statis.ironport.com must be  downloads-static.ironport.com

Apart from that, thanks for the great information!

Regards,

Prab :)

Preview file
12 KB
0 Helpful

Go to solution
GILLES GAUTHIER
Level 1
Level 1

‎04-05-2013 06:56 AM

We have the same alerts, starting today.  Our firewall do not block per static IPs.  BTW, we still receive antispam updates, featurekey updates, so I think the problem is intermittent.  Could Cisco have problem with their new update servers?

0 Helpful

Go to solution
Jason Meyer
Level 1
Level 1
In response to GILLES GAUTHIER

‎04-05-2013 06:58 AM

From: andmuell [mailto:supportforums-donotreply@supportforums.cisco.com]
Sent: Friday, April 05, 2013 6:44 AM
Subject: [Email Security] Announcement: DNS resolution issue for the ironport.com domain (Updates, Upgrades, CRES)

Announcement: DNS resolution issue for the ironport.com domain (Updates, Upgrades, CRES)

created by Andreas Mueller in Email Security - View the announcement

We're currently facing an issue with the DNS resolution of the ironport.com domain, which is impacting service updates (Antispam, Antivirus, VOF) as well as AsyncOS upgrades and CRES. Our IT team is actively investigating this at the moment.

Announcement expires on 7. April 2013

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents