the Nokia firewall block the DNS looking up caused the liveupdate and conduit failed.
Dec 2, 2010 2:38:52 PM A LiveUpdate server could not be selected.
Dec 2, 2010 2:38:52 PM
Dec 2, 2010 2:38:52 PM The Java LiveUpdate session did not complete successfully.
Dec 2, 2010 2:38:52 PM Return code = -2,001
2010-12-02T14:38:53+08:00 (ERROR:3126.3071821504):  JLU session error -2001: JLU could not connect to any server.
By default, SBG will save the IP address of your configed DNS server to the osconfig.xml and booting up the named daemon to listening on udp port 53,as below:
and this is the default named server will capture and then forward any DNS query what queried by all threads of SBG processes to your appointed IP address in the GUI.
if we run dns query via GUI->utilities, the backgroup thread will trigger a package which captured by tcpdump and deconding as below:
we could found that the SBG kernel process generated a ENDS query package rather than dns, compared with the dns, as below:
No option included in the normal dns query package. and if we appointed the server manully via nslookup in the cli, the dns query packagae will be generated by linux DNS client rather than SBG kernel. so we could get a foremost conclusion that the firewall policy maybe block the EDNS package which sent by SBG kernel.
By checking the firewall policy, we could found the all outbound flows have been permitted,and also permit DNS in the globalsettings, the snapshot shown the settings:
but we found t all dns query packages originated from SBG be verdicted as attack, so we need to check the IDS policy ,and found the feature DNS protocol enhancement enabled, tuning the action to monitor and all update working fine.
Nokia could not update the signature on time and the older definition could not identify the EDNS package then mark all EDNS package as attack
1、update the latest IDS signature
2、Tuning the aciton of DNS protocol enhancement from block to monitoring ony
The SBG located in the DMZ zone and filter all package by Nokia firewall