Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
0
Helpful
3
Replies

pix and microsoft and mcafee updates

rjain
Level 1
Level 1

‎06-22-2004 08:58 AM - edited ‎02-20-2020 11:28 PM

We have pix 501 firewall. We blocked the internet access for all users other than Citrix. users will access internet via Citrix. But now we are in trouble and that are Microsoft and mcafee updates. Becase we just allowed access to Citrix,now Microsoft and Mcafee upadtes will not work. I could have allowed the access to particular IP address but that doen't look a good solution. Can some help me on this issue.

Thanks

0 Helpful
3 Replies 3

adrian.grigorof
Level 1
Level 1

‎06-22-2004 04:58 PM

You can configure one computer to manage all the Windows updates using a software like the Window Software Update Service (SUS - see http://www.sans.org/rr/papers/66/1104.pdf) and you can use a similar solution for McAfee (ePolicy Orchestrator). This way you are saving bandwith, control Internet access and manage Windows and antivirus updates in the same time!

Regards,

Adrian Grigorof

Developer - FireGen for Pix Log Analyzer

www.firegen.com

0 Helpful

rjain
Level 1
Level 1
In response to adrian.grigorof

‎06-23-2004 02:47 PM

We have just one computer there and we don't want to give access to Internet throguh desktop. Just access through Citrix.

0 Helpful

asalmeron
Level 1
Level 1
In response to rjain

‎07-09-2004 09:11 PM

Adrian had the best thought for the updates. We currently use that model. Both MS SUS and Mcafee's EPO are both programs that run on a server, and not necessarily a desktop that someone would log into. The point of those servers is to act as a central lone server that would retrieve the updates for a multitude of pc's behind your gateway. The pc's would download their updates from those servers. Another good thing about them is that they keep track of your machines that are not up to date on your patches and Dat files. The EPO server also keeps track of virus's that hit your machines.

If these two aren't available or still aren't an option, you can always set up one of your Citrix servers to download it's updates and then store them in shared UNC path so that your pc's can retrieve from there. This way your still only letting your Citrix server surf the net. Since EPO isn't free, this is the cheapest route to go. Also note that MS SUS is free for now............

hope this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card