topic Windows Update - automatic policy without manual address definition in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/windows-update-automatic-policy-without-manual-address/m-p/1247424#M6654 <P>Hi,</P><P>is there a way on Palo Alto firewalls to allow <STRONG>Windows Update</STRONG> traffic without manually defining a list of addresses?</P><P>For example, is it possible to create a policy that <STRONG>automatically determines or updates the list of these addresses</STRONG>, without requiring manual administrator intervention?</P><P>I would appreciate any information on whether such solutions exist at all.</P><P>Best regards</P> Wed, 04 Feb 2026 11:54:50 GMT jakub.kuchniak 2026-02-04T11:54:50Z Windows Update - automatic policy without manual address definition https://live.paloaltonetworks.com/t5/next-generation-firewall/windows-update-automatic-policy-without-manual-address/m-p/1247424#M6654 <P>Hi,</P><P>is there a way on Palo Alto firewalls to allow <STRONG>Windows Update</STRONG> traffic without manually defining a list of addresses?</P><P>For example, is it possible to create a policy that <STRONG>automatically determines or updates the list of these addresses</STRONG>, without requiring manual administrator intervention?</P><P>I would appreciate any information on whether such solutions exist at all.</P><P>Best regards</P> Wed, 04 Feb 2026 11:54:50 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/windows-update-automatic-policy-without-manual-address/m-p/1247424#M6654 jakub.kuchniak 2026-02-04T11:54:50Z Re: Windows Update - automatic policy without manual address definition https://live.paloaltonetworks.com/t5/next-generation-firewall/windows-update-automatic-policy-without-manual-address/m-p/1247464#M6659 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/976453629">@jakub.kuchniak</a></P> <P>&nbsp;</P> <P>thanks for post!</P> <P>&nbsp;</P> <P>You could try to create a security policy with app-id: "<STRONG>ms-update</STRONG>" to allow windows updates.</P> <P>For reference, here are KB articles with instructions to allow allow Microsoft updates:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHXCA0" target="_self">How to Block Web Browsing while Allowing Microsoft Updates</A>&nbsp;and to block them:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbvCAC" target="_self">How to block a Windows update</A>&nbsp;(You can get required URLs from article to use them to allow traffic).</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Wed, 04 Feb 2026 23:32:14 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/windows-update-automatic-policy-without-manual-address/m-p/1247464#M6659 PavelK 2026-02-04T23:32:14Z