How do I add an allowed web site to CPF 2.3.4.45?

I’m trying to get Windows Update working properly, and received this error message from the Windows Update site:

When accessing the Update site, you receive the 0x80072EE2 or 0x80072EFD error. (Resolution 1) Last updated : 10/21/2005

Problem description
This error may occur if your Internet connection or configuration is preventing access to the Update site.

Applicable operating systems

Windows 2000
Windows XP
Windows Server 2003

Resolutions

  1. A misconfigured Proxy/Firewall can cause this problem. Double-check the Proxy/Firewall settings.
    Add the following URLs to the exception list within your Firewall/Proxy:
    http://*.update.microsoft.com
    https://*.update.microsoft.com
    http://download.windowsupdate.com

Please tell me how to add these URLs to CPF. I’m new to CPF, so I’d really appreciate complete instructions. :slight_smile:

Can you please show us your CPF logs? The Activity->Logs section includes everything that can be used to see what's going on.

Egemen

Egemen,

Thanks for the reply. Here’s the log. I just installed CPF today. The entries in the log correspond to testing my system on grc.com.

Date Created: 19:26:25 04-09-2006

Log Scope: Today

Date/Time :2006-09-04 18:19:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.101, Port = 1227)
Protocol: UDP Incoming
Source: 68.237.161.12:dns(53)
Destination: 192.168.0.101:1227
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:19:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.101, Port = 1226)
Protocol: UDP Incoming
Source: 71.243.0.12:dns(53)
Destination: 192.168.0.101:1226
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:19:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.101, Port = 1227)
Protocol: UDP Incoming
Source: 71.243.0.12:dns(53)
Destination: 192.168.0.101:1227
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:19:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.101, Port = 1226)
Protocol: UDP Incoming
Source: 68.237.161.12:dns(53)
Destination: 192.168.0.101:1226
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:19:16
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 192.168.0.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:03:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.101, Port = 1173)
Protocol: UDP Incoming
Source: 71.243.0.12:dns(53)
Destination: 192.168.0.101:1173
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:03:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.101, Port = 1173)
Protocol: UDP Incoming
Source: 68.237.161.12:dns(53)
Destination: 192.168.0.101:1173
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 18:03:51
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 192.168.0.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-04 17:49:40
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.0.101
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

End of The Report

We need to see the logs when you fail to update. This means, clear all your logs, try updating again and then paste your logs so that we can see what CPF blocks.

Egemen
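
Added example, not part of any post in this thread and not Comodo's code: Python that parses a CPF text log in the layout pasted above and counts denials per protocol, remote endpoint and rule ID, so the records from a failed update attempt can be picked out. The sample log is constructed; its `TCP Outgoing` record, the address 192.0.2.10 and the `http(80)` port label are assumptions formed by analogy with the real records.

```python
import re
from collections import Counter

def _entry(ts, proto, src, dst):
    # One record in the field layout of the log above (Description shortened).
    return (f"Date/Time :{ts}\nSeverity :Medium\nReporter :Network Monitor\n"
            f"Description: Policy Violation (Access Denied)\nProtocol: {proto}\n"
            f"Source: {src}\nDestination: {dst}\nReason: Network Control Rule ID = 5\n")

# Constructed sample. The "TCP Outgoing" record, the 192.0.2.10 address and the
# "http(80)" port label are assumptions, formed by analogy with the real records.
SAMPLE_LOG = "Log Scope: Today\n" + "".join([
    _entry("2006-09-04 18:19:16", "UDP Incoming", "68.237.161.12:dns(53)", "192.168.0.101:1227"),
    _entry("2006-09-04 18:19:16", "UDP Incoming", "68.237.161.12:dns(53)", "192.168.0.101:1226"),
    _entry("2006-09-04 17:49:40", "IGMP Outgoing", "192.168.0.101", "224.0.0.22"),
    _entry("2006-09-04 18:21:02", "TCP Outgoing", "192.168.0.101:1301", "192.0.2.10:http(80)"),
]) + "End of The Report\n"

def parse_entries(text):
    """Split the text log into dicts; a 'Date/Time' line starts each record."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # e.g. 'End of The Report'
        if key.strip() == "Date/Time":
            entries.append({})
        if entries:                       # skip header fields before the first record
            entries[-1][key.strip()] = value.strip()
    return entries

def summarize(entries):
    """Count denials by (protocol and direction, remote endpoint, rule id)."""
    counts = Counter()
    for e in entries:
        proto = e.get("Protocol", "?")
        remote = e.get("Source" if proto.endswith("Incoming") else "Destination", "?")
        rule = re.search(r"Rule ID = (\d+)", e.get("Reason", ""))
        counts[(proto, remote, rule.group(1) if rule else "?")] += 1
    return counts

def denied(entries, protocol, direction):
    """Records for one protocol and direction, e.g. ('TCP', 'Outgoing')."""
    return [e for e in entries if e.get("Protocol") == f"{protocol} {direction}"]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for (proto, remote, rule), n in summarize(entries).most_common():
        print(f"{n:3d}  {proto:<14} {remote:<24} rule {rule}")
```
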

OK, thanks. I think I’m going to bag the update idea for now. It’s not worth the hassle for what I was trying to accomplish. But I do appreciate your help.

You need to create a rule like the following semantic above the BLOCK rule:

ALLOW TCP OUT FROM ANY TO IP NAME[www.trustedsite.com] WHERE SOURCE PORT IS ANY AND DESTINATION PORT IS ANY.

Egemen

OK, thanks very much. BTW, I wasn’t suggesting that what you were asking for was too much of a hassle. I decided that what Windows Update was asking for was more trouble than it was worth.

I apologize if I was unclear. You’ve been very helpful, and I appreciate it.

Not at all :slight_smile:

Good luck,
Egemen