<![CDATA[Which ports need to be open for Update detection ?]]>On an AWS installarion of 2.3 I have the "Obtaining update status " continuously spinning, probably due to restrictive blocking on the NetworkACL or SecurityGroup. Do you know which ports (and possible target IPs) need to be open for Update checks to work ?
Thanks

]]>https://forum.netgate.com/topic/100799/which-ports-need-to-be-open-for-update-detectionRSS for NodeMon, 16 Mar 2026 08:49:23 GMTTue, 31 May 2016 15:14:58 GMT60<![CDATA[Reply to Which ports need to be open for Update detection ? on Tue, 31 May 2016 21:02:29 GMT]]>For AWS, you need 80 and 443 to firmware.netgate.com only.

]]>https://forum.netgate.com/post/628715https://forum.netgate.com/post/628715Tue, 31 May 2016 21:02:29 GMT<![CDATA[Reply to Which ports need to be open for Update detection ? on Tue, 31 May 2016 20:59:43 GMT]]>In addition to the information on the above post, you should also check if your pfSense install can access https://pkg.pfsense.org. This is the repository where the 2.3.x+ updates come from.

]]>https://forum.netgate.com/post/628712https://forum.netgate.com/post/628712Tue, 31 May 2016 20:59:43 GMT<![CDATA[Reply to Which ports need to be open for Update detection ? on Tue, 31 May 2016 20:26:34 GMT]]>It's probably
https://updates.pfsense.org/_updaters/
This means : port 443, not a port that could be blocked.

But I guess your  issue is different.
DNS is working ?
Can you
ping updates.pfsense.org
from the webgui ? Does it resolve to an IP ?

PING updates.pfsense.org (162.208.119.39): 56 data bytes
64 bytes from 162.208.119.39: icmp_seq=0 ttl=49 time=114.551 ms
64 bytes from 162.208.119.39: icmp_seq=1 ttl=49 time=142.796 ms
64 bytes from 162.208.119.39: icmp_seq=2 ttl=49 time=114.759 ms

--- updates.pfsense.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 114.551/124.035/142.796/13.266 ms
]]>https://forum.netgate.com/post/628702https://forum.netgate.com/post/628702Tue, 31 May 2016 20:26:34 GMT