×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

UC560 is blocking antivirus updates

Unanswered Question
Sep 26th, 2013
User Badges:

Hi All,


I am facing a strange issue at one of our customer sites.

The customer is using UC560 as the gateway for both voice and data. Recently it was noticed that their antivirus server is not able to download regular antivirus updates.


We connected the server directly to internet (using the same PPPoE connection terminated on UC560) and it downloaded the updates without any issues. So we confirmed that the issue is not related to antivirus vendor. So we connected the server directly to LAN interface of UC560, and we noticed that it could not download the updates. The antivirus vendor confirmed that port 80 is used for their updates, and hence it should not be blocked. I removed all access lists temporarily on the device and tested, but still it was failing. I tried to change the MTU values, but still the result was the same. The customer confirmed that no recent changes were made on the network.


I am attaching the truncated configuration of the device.

Please answer my queries below:


Does the built-in firewall of UC560 block file download based on file extension? Has anyone faced similar issues? Can anyone suggest other troubleshooting steps that I missed?


Thanks,

Arun

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
paolo bevilacqua Fri, 09/27/2013 - 14:07
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Remove ip inspect commands.

Note ip mtu should be 1492, not 1452.

Arun Greig John Sat, 09/28/2013 - 04:31
User Badges:

Hi Paolo,


Thank you very much for replying.

During testing, I had removed the ip inspect commands, and the day before that, I had tried different MTU values (1452, 1476, 1492 and 1500). But I haven't tried a combination of both.

I will do it when I get access to the site next time and update you the results.


Thanks,


Arun

paolo bevilacqua Sat, 09/28/2013 - 07:11
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

If you removed IP inspect then is strange because the router does not interfere with traffic at all.

Arun Greig John Sun, 09/29/2013 - 01:21
User Badges:

That is why I also felt that it is strange.

There is one more thing that I have noticed. To download any file from the customer's internet connection, proxy settings provided by ISP should be configured on the browser. If not, you can browse, but cannot download any file. I don't think this restriction affects the traffic through UC560, I'm just pointing out something that I noticed.

Christian Semmler Sun, 09/29/2013 - 06:12
User Badges:

How does the server get the proxy settings if you connect it directly to the connection? Did you tried to configure the proxy settings in the antivirus software?



- Please rate helpful posts -

Arun Greig John Sun, 09/29/2013 - 09:21
User Badges:

When I connected the server directly, I changed the proxy settings on internet explorer and it worked. I tried the same thing when connected through UC560, but it failed.

I didn't change it on the application. I will try it.


Thanks


Arun