You've set up Apache web server as a reverse proxy on your SEPM, but your Linux clients are unable to download updates.

SEPM 14.3

Linux SEP client 14.3

If you're troubleshooting virus definition download issues from your SEP for Linux agent to your SEPM configured as a reverse proxy, first identify where the problem might lie:

• SEPM server malfunctioning as a reverse proxy
• SEPM server unable to connect to public LiveUpdate servers
• Linux agent unable to connect to your SEPM server configured as a reverse proxy
• Policy configuration issue

The following tests can help you pinpoint the problem.

1. Testing SEPM Reverse Proxy Configuration:
   
   From your SEPM server configured to serve as a reverse proxy, you can test if the configuration is correct by running the command:
   
   - Start > Run (Windows Key + R) and then enter: http://localhost:8014/luproxy/masttri.zip  (Replace <port number> with your actual port if different from 8014) 
   
If successful, the zip file masttri.zip will be downloaded. Note: this link will fail if you have not completed the above article Apache web server as a reverse proxy
   
   Note: While the massttri.zip file is requested via a local URL address, the request is passed to Symantec's public LiveUpdate server. The reverse proxy requires a direct connection to Symantec's LiveUpdate servers, it cannot itself go through another proxy.
   
   If the file isn't downloaded, ensure your SEPM server can establish a connection to public LiveUpdate web domains. Run the following command:
   
   Start > Run (Windows Key + R) and then enter: https://liveupdate.symantecliveupdate.com/masttri.zip 

   If successful, the zip file masttri.zip will be downloaded. For further details, refer to: Determine whether your firewall is blocking LiveUpdate (broadcom.com)
   
   
2. Testing Connectivity from Linux Agent:
   
   From a Linux Agent configured to use the reverse proxy for definition downloads, use the curl tool (or similar) to test connectivity and attempt downloading masttri.zip.
   
   Command example
   curl -I http://<SEPM_IP_or_Hostname>:<port>/luproxy/masttri.zip

Replace <SEPM_IP_or_Hostname> and <port> with the actual IP address/hostname/FQDN and port of your SEPM configured as a reverse proxy. Use the same settings provided in the LiveUpdate policy on your SEPM
   
   
   
   You should receive an HTTP 200 response. The downloaded file size should match the one downloaded directly on SEPM.
   
   LU download requests to the Apache web server are logged in a separate file: SEPM_Install\apache\logs\access-%Z.log. You can check the response code for each request.
   
   Log example:
   X.X.X.X - - [21/Aug/2024:19:31:16 +1200] "GET /luproxy/masttri.zip HTTP/1.1" 200 6434043

X.X.X.X is the IP address of the remote endpoint requesting the content.
   The last two fields represent the HTTP response code and file size.
   
   
3. Troubleshooting Failed Linux Agent Downloads:
   
   If both tests were successful, but your SEP Linux agent is not able to download definitions, check the Live Update log on your SEP for Linux endpoint (opt/Symantec/sdcssagent/AMD/sef/Logs/lux.log). Confirm the hostname (IP address) and port are correct.
   
   Example from Lux.log (failed to connect server) 
   
   ……
11:45:06.788525 [Server Selection - START]
11:45:06.791989  Result Code: 0x80010830
11:45:06.792013  Result Message: FAIL - failed to select server
11:45:06.792034  [Server - START]
11:45:06.792053   Host ID: {7007012E-74AA-45E5-A6D2-82EF7A14F59B}
11:45:06.792067   Status Code: 1
11:45:06.792081   Status Message: Server was not selected
11:45:06.792097   Transport Return Code: 0x80010732
11:45:06.792111   Transport Return Message: FAIL - file not found
11:45:06.792124   Protocol: HTTP
11:45:06.792138   Hostname: xxx.xxx.xxx.xxx (IP address)
11:45:06.792151   Port: 8014
11:45:06.792164   Path: /luproxy
11:45:06.792178   Proxy ID: {00000000-0000-0000-0000-000000000000}
11:45:06.792191   Proxy Bypass: false
11:45:06.792204  [Server - END]
11:45:06.792219  Used proxy list was empty
11:45:06.792232 [Server Selection - END]
……….

If the Hostname and port observed in the Liveupdate log are not correct:
   
   
   • Ensure the SEP agent can connect to the SEPM server and has the latest policy serial number.
     
     
   • Check the agent's assigned SEPM group and confirm the applied LiveUpdate policy is configured correctly as per the Broadcom documentation: Enabling Mac and Linux clients to download LiveUpdate content using the Apache web server as a reverse proxy (broadcom.com)
     
     

Reverse proxy does not use Endpoint Protection Manager's proxy settings (broadcom.com)

SEP LiveUpdate fails to download content via Reverse Proxy - 0x80010732 (broadcom.com)