Views:

Summary:
	The Threat Management Center (TMC) has updated the URL used for retrieving security content and software updates from “d.tippingpoint.com” on TCP port “80” to “msd.tippingpoint.com” on TCP port “443” to remove non-encrypted communications channels. The Security Management System (SMS) will adjust to this change automatically without any action; however, firewall and proxy rules may need to be updated. See details below in “Action Required.” This channel is used only to transfer security and software updates. Those files and updates were and continue to be digitally signed and encrypted.
Affected Products:
	All supported versions of SMS downloading security content and other updates from TMC.
Action Required:
	This change does not require any SMS software updates. However, perimeter/internet edge firewall and proxy rules may need to be updated to allow SMS to connect to “msd.tippingpoint.com” on TCP port “443”. If your SMS is enabled for Auto DV download and has already downloaded the most recent DV or newer (at the time this bulletin was published, that version is 3.2.0/4.0.0.9954), no further action is likely required. If the SMS cannot download security content updates from TMC due to pending firewall or proxy changes, it will keep trying and automatically resume updates once the firewall or proxy settings are updated. Any communication failures will be recorded in the SMS audit log, which may signal that adjustments to the firewall or proxy settings are needed.
Exceptions:
	If necessary, an exception process is available to continue to use the previous, unencrypted approach temporarily. The previous channel using TCP port “80” and “d.tippingpoint.com” will be available for six months through April 30, 2025. To continue to use the previous mechanism, contact support to enable this feature for your deployment.
HTTPS Certificate Details:
	The HTTPS certificate has an identical trust chain to what the TMC currently uses for SMS communications. The certificate presented at the time of this publication can be manually verified with the details provided below: Common Name CN: msd.tippingpoint.com Certificate Serial Number: 05:B6:B0:F6:B4:0F:6A:35:E8:C8:4A:22:F6:31:CF:3A:BF:E7:66:BD Certificate Fingerprint (SHA-256): 14110f00054258e4a5e1f98ab44748f75effdfea451c01cd575957dbb1046ae5

Keywords: PB#1102: TMC/SMS Communication Channel

PB#1102: TMC/SMS Communication Channel

Product / Version includes:

TippingPoint SMSAll

Last updated: 2024/10/17

Solution ID: KA-0018059

Category: Configure , Troubleshoot , Deploy

Summary

Changes to SMS/TMC Communication Channel for Auto-Download of DV and Other Packages

Summary:
	The Threat Management Center (TMC) has updated the URL used for retrieving security content and software updates from “d.tippingpoint.com” on TCP port “80” to “msd.tippingpoint.com” on TCP port “443” to remove non-encrypted communications channels. The Security Management System (SMS) will adjust to this change automatically without any action; however, firewall and proxy rules may need to be updated. See details below in “Action Required.” This channel is used only to transfer security and software updates. Those files and updates were and continue to be digitally signed and encrypted.
Affected Products:
	All supported versions of SMS downloading security content and other updates from TMC.
Action Required:
	This change does not require any SMS software updates. However, perimeter/internet edge firewall and proxy rules may need to be updated to allow SMS to connect to “msd.tippingpoint.com” on TCP port “443”. If your SMS is enabled for Auto DV download and has already downloaded the most recent DV or newer (at the time this bulletin was published, that version is 3.2.0/4.0.0.9954), no further action is likely required. If the SMS cannot download security content updates from TMC due to pending firewall or proxy changes, it will keep trying and automatically resume updates once the firewall or proxy settings are updated. Any communication failures will be recorded in the SMS audit log, which may signal that adjustments to the firewall or proxy settings are needed.
Exceptions:
	If necessary, an exception process is available to continue to use the previous, unencrypted approach temporarily. The previous channel using TCP port “80” and “d.tippingpoint.com” will be available for six months through April 30, 2025. To continue to use the previous mechanism, contact support to enable this feature for your deployment.
HTTPS Certificate Details:
	The HTTPS certificate has an identical trust chain to what the TMC currently uses for SMS communications. The certificate presented at the time of this publication can be manually verified with the details provided below: Common Name CN: msd.tippingpoint.com Certificate Serial Number: 05:B6:B0:F6:B4:0F:6A:35:E8:C8:4A:22:F6:31:CF:3A:BF:E7:66:BD Certificate Fingerprint (SHA-256): 14110f00054258e4a5e1f98ab44748f75effdfea451c01cd575957dbb1046ae5

Was this article helpful?