This makes whitelisting IP addresses impossible for long term functionality, for the SMP is going to hit that URL and be pulled from whichever Server IP is most suitable for that region within the Akamai Server Farm, and this results in a dynamic IP address.
Best practice is to whitelist the URL above to allow all downloads regardless of the IP address.
If unable to whitelist the URL; review the possible workaround:
Configure the environment to have a 'Net-facing SMP Server' to have unhindered access as outlined in HOWTO59024 for DMZ/No-net environments.
Segment 1-1 for just downloading the PMImport if the Production SMP Server is able to download Software Bulletins without restrictions.
Implement the URLMaskMaker tool from TECH186657 to allow download of the individual Software Bulletins from their respective vendor sites on the production SMP Server.
Otherwise, review the process on the article referenced in step #1 to import packages if those URLs are also unable to be accessed from the SMP Server.
Advisory:The SMP Server uses Anonymous Authentication (IUSR) when calling the PMImport download, and when downloading Software Bulletins to the SMP Server, for the targeted sites do not recognize any local SMP Server's specific User Credentials, so a specific User Credential is not called on the scheduled process. The System Account (Anonymous) is going to need to have clearance through network security from the SMP Server to the specified Vendor Sites.
Note: If the Admin account is able to hit the URL in a browser; they merely have permissions for their user credentials to access the SolutionSam site or URL for downloading the Software Update.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe