Request to configure LiveUpdate to use a specific, static set of IP addresses to obtain LiveUpdate content, rather than referencing a DNS name. How can this be accomplished?
The DNS names which reference LiveUpdate content on Symantec servers, including liveupdate.symantec.com and liveupdate.symantecliveupdate.com, resolve to dynamic lists of IP addresses. There seems to be a pattern to the change, so there must be a way which IP addresses can be used.
The servers and IP addresses associated with distribution of LiveUpdate content are subject to change at any time, without notice, in order to facilitate efficient content distribution. Many of the factors which influence change are dynamic, so even if there is an observable pattern currently there is no guarantee it will continue in the future.
Symantec makes LiveUpdate content available on the Internet through a partnership with the Akamai server network. Akamai is a network of tens of thousands of servers scattered worldwide for more efficient distribution of content. Symantec recommends specifying Symantec LiveUpdate servers via DNS name (fully qualified domain name), not via one or more static IP addresses. Use of static IP addresses to access Symantec LiveUpdate content is not supported or recommended.
Some possible alternate methods of addressing this objective include whitelisting the server(s) downloading LiveUpdate content at the network perimeter, or locating an internal LiveUpdate server (LiveUpdate Administrator (LUA) 2.x) outside the network perimeter. LUA 2.x will download content from Internet sources, then provide these materials to clients on the network from a Distribution Center with a fixed internal IP.
For more information on the use of the Akamai network and means to create firewall rules for LiveUpdate in this manner, please consult Symantec knowledgebase article http://www.symantec.com/docs/tech163079 .