Windows Update Traffic (ms-update) being recognized as web-browsing

L2 Linker

Windows Update Traffic (ms-update) being recognized as web-browsing

Hi Everyone,

I have an issue that I haven't been able to resolve. I have a small domain setup with a Windows Server Update Service that is located in a DMZ. The machines that are in the inside network (trusted) are set up to pull their Windows updates from the server in the DMZ. I have set up Group Policy to make this happen, and it works fine for all of my servers.

The issue is that I have a Windows 10 machine that refuses to connect to the WSUS server. The same group policy is applied and when I look at Monitor, I can see attempts to connect to the server over port 8530 (default port), but the traffic is identified as web-browsing instead of ms-update.

Since 8530 isn't a standard port for web-browsing, the traffic isn't allowed. I know I could always set up an application override, but I shouldn't have to. I cannot figure out why this particular machine's traffic is recognized as web-browsing instead of ms-update.

If anyone has any suggestions, I would like to hear them.

Thanks

L7 Applicator

Re: Windows Update Traffic (ms-update) being recognized as web-browsing

Hello,

The PAN takes time to identify traffic; unfortunately it's getting blocked prior to being inspected properly. Just create a new policy that allows web-browsing and ssl. Then set the services to http, https, and create a custom service for 8530-tcp.

Hope that makes sense.

L2 Linker

Re: Windows Update Traffic (ms-update) being recognized as web-browsing

Thanks for the reply.

I ended up opening a case with support regarding this. I sent them some packet captures, and they were able to replicate my issue.

They are going to relay this information to their content team and have the signatures updated from ms-update.

L0 Member

Re: Windows Update Traffic (ms-update) being recognized as web-browsing

Hello,

Did support fix this issue? I have the same issue too, where ms-update traffic is categorized as web-browsing and being denied. Please let me know.

Thanks!

L2 Linker

Re: Windows Update Traffic (ms-update) being recognized as web-browsing

I did work with support on this, and they did find that they were identifying the traffic incorrectly.  They made a change and released it as a part of their weekly content updates.  Since doing this, I haven't had an issue.
