Allow access only to Microsoft update services

Author
mehdi.ouazaa
2018/11/25 23:40:15

Hi all,
I have an upstream WSUS server in my DMZ which should only be allowed to access the Microsoft update services summarized in these URLs:
https://*.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://*.download.windowsupdate.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
http://*.windowsupdate.microsoft.com
download.windowsupdate.com
windowsupdate.microsoft.com
ntservicepack.microsoft.com
wustat.windows.com
download.microsoft.com
stats.microsoft.com
test.stats.update.microsoft.com
 
I tried two ways but I failed:
1- Way1
I blocked all FortiGuard web categories and added a URL filter allowing all the needed URLs (as you can see in attach1).
This doesn't work since the URLs were blocked by the web categories filter as belonging to the blocked Information Technology category.
2- Way2
I disabled the web categories filter and added a blocking filter at the end of the URL filter list (attach2). But access was also blocked. I also tried allow and exempt in the URL filter but the result was the same.

Could anyone help?

#1

    mehdi.ouazaa
    Re: Allow access only to Microsoft update services 2018/11/28 00:57:19
    Dear all,

    Any suggestions?
    #2
    emed
    Re: Allow access only to Microsoft update services 2019/06/04 01:20:14
    Did you solve your problem?
    #3
    Haris
    Re: Allow access only to Microsoft update services 2019/06/05 00:08:50
    The problem could be solved by creating an IPv4 policy using Internet Service as a destination rather than address objects and moving the policy to the top. That worked for us for some time, but anyhow we're now experiencing problems: a server behind the firewall with a properly configured policy sometimes updates normally, while at other times the synchronization fails for some reason. After the initial configuration it worked normally, and then suddenly we're experiencing a lot of problems with this WSUS policy.
     
    If we enable all traffic to the internet everything works.
    post edited by Haris - 2019/06/05 00:11:04
    #4
    emed
    Re: Allow access only to Microsoft update services 2019/06/05 01:34:41
    Hi.
    I added Internet Services as destination (Microsoft-Azure, Microsoft-DNS, Microsoft-Microsoft.Update, Microsoft-NetBIOS.Name.Service, Microsoft-NetBIOS.Session.Service, Microsoft-NTP, Microsoft-SSH, Microsoft-Web) and some applications in Application Control (MS.Windows.Update, Microsoft.CDN, Microsoft.Portal, Microsoft.Authentication, Microsoft_Login). And it's working now.
     
     
    #5