I have just upgraded NSP to 188.8.131.52 version and now I can not download any botnet detectors. We use MWG7 proxy. There is now change on proxy after NSP upgrade. Also we have proxy exceptions for NSP management server to bypass all rules (Stop cycle).
In MWG log, I can see, that SSL tunel is ok.
[24/May/2013:12:33:29 +0200] "" 10.241.10.30 200 "CONNECT menshen.intruvert.com:443 HTTP/1.1" "" "-" "" 97898 "Jakarta Commons-HttpClient/3.1" "" "0"
But NSP manager do not display any available botnet detectors for download and responds with "Connection timeout: connect" error.
Before upgrade, botnet detectors were OK and deployed to IPS sensors. See error screen below.
Any idea, please ?
For firewall logs, I can see some direct https connection from NSP manager to external IP 184.108.40.206.Message was edited by: lubomir.cerny - added detail from FW log - connection to 220.127.116.11 on 5/24/13 1:07:50 PM CEST
I verified, that for "Download Botnet Detectors", the NSP Manager 18.104.22.168 do not use predefined proxy server and tries direct https connection. All other downloads are still ok via proxy. (Download IPS signatures, Device Software ...)
I modified our FW rules temporally to allow direct https connection. Hope McAfee can confirm this issue and correct.
We have duplicated this issue and are working on a fix. In the mean time, allowing the botnet connection directly to the server gti-api.mcafee.com or manually downloading the detector updates should work.