- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-26-2021 04:10 AM
Hi,
We have GP configured with 0.0.0.0/0 inside tunnel. We would like to split-tunneling for microsoft updates. In the split tunneling profile we add several microsoft URLs in order to avoid but its not working.
We added this URLS:
*.update.microsoft.com
download.microsoft.com
But in data filtering we can see the updates being downloaded using PA.
how can prevent msupdates for split?
04-26-2021 11:35 AM
The above URLs is what Microsoft has listed for endpoints for Win10 2004 and matches what was listed for 1909. That should capture the majority of the Windows Update traffic, but there's ways to add even more domains if you allow downloads via 3rd-party ect.
04-27-2021 02:39 AM
We have all these URLs, but we still can see the clients downloading the ms-update files using Palo.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!