# Check Point Firewall blocking Updates



## chrisf70 (Mar 5, 2009)

Hi,

We have installed a Check Point UTM-1 270 firewall at our office, this was installed at the beginning of February. Prior to this install we used Netopia router with an inbuilt firewall. We are not running SmartDefense on the Check Point firewall as we run McAfee Total Protection for Endpoint as our anti-virus across the organisation.

Prior to the Check Point UTM-1 being installed we were able to download and install Adobe Updates, Java Updates and MS Updates. 

We first noticed we had a problem with Adobe Updates, the updater runs and checks for updates on the Akamai servers, who seem to host Adobe's update service. Once the check is complete and say two updates are available the PC then tries to download the updates at this point it fails with the message 'No Internet Connection was found. Please check your Internet settings or firewall'. Java has a similar failure message. MS Updates are OK on existing PCs, but we have a new batch of Vista PCs which we are getting out of the box and these fail to update with MS updates when first switched on.

We can't find any info on the internet, and our support contract is moving very slowly.

Has anyone had anything similar as a problem?

Thanks.


----------



## asgley (Feb 26, 2009)

I've been watching this post with interest.

as noone else has posted i think i will =)

do the client machines use the check point firewall as a default gateway?

are you limiting destination ports (outbound traffic)

I assume you cant give too much info out about your corporate firewall but i would take a guess that the problem here is that the update is trying to grab the files for the updates from a remote host on a abnormal port.

Asg


----------



## chrisf70 (Mar 5, 2009)

Asgley, thank you for your reply.

You are correct in all points of your reply and I agree that is a port issue. We know that most Adobe updates are sourced from a batch of serves hosted by Akamai Technologies. We have allowed this url free access through the firewall and allocated the IP addresses hosted by this company as allowed IP addresses. However they do seem to use a range of addresses. On the Check Point firewall gui we cannot find the option to allow us to enter a range of addresses.

Do you yourself use a Check Point set up?

Thanks.


----------



## asgley (Feb 26, 2009)

Hi,

Sorry I can not discuss in detail anything pertaining to this product range. If you have any more generic questions please feel free to ask.
This link may be of some help for you.
http://downloads.checkpoint.com/dc/download.htm?ID=7874
Page 358

Regards

Asg


----------

