This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Windows Server 2012 ms-update

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Windows Server 2012 ms-update

dieter_b
L4 Transporter

‎09-09-2013 05:42 AM

We are using WSUS to manage our Windows updates. It's hosted on Windows Server 2012 and runs smoothly.

We recently added a Windows Server 2012 in DMZ and pointed it to our WSUS server:

server --- DMZ --- PA2020 --- LAN --- WSUS server

The PA2020 does not recognize specific WSUS traffic to the WSUS server.

That is: most detecting/reporting passes fine as application ms-sms.

The actual downloading of updates is not recognized as ms-update, but as web-browsing. That traffic is on the non-default http port 8530 (this is in fact the default port voor WSUS). Our other servers in DMZ (Windows Server 2008 R2) update fine and their traffic to the WSUS server is identified as expected (ms-update).

We are on app definition version 391-1924.

Anyone else seeing similar behaviour ?

1 person had this problem.
Labels:
0 Likes Likes
5 REPLIES 5

UhMayYeah
L5 Sessionator

‎09-09-2013 05:56 AM

Can you please report this mis-identification to Support:

How to Validate and Report Application Misidentification

dieter_b
L4 Transporter
In response to UhMayYeah

‎09-09-2013 06:54 AM

That's a lot of work for an issue thay may or may not exist...

If others report the same findings, I will properly report it.

However, in your howto it's not clear where that report should go: here in the thread or sending it to support (mail ??)

0 Likes Likes

UhMayYeah
L5 Sessionator
In response to dieter_b

‎09-09-2013 01:56 PM

The document enlists all the steps to be performed before opening case with support.

In most of the case, PCAPs from Windows Server 2012 and Windows Server 2008 R2 should help in validating the application misidentification.

Traffic logs and show session id <id> o/p  from working and nonworking scenario would help in validating the mis-id.


0 Likes Likes

msullivan
L3 Networker

‎01-02-2014 09:13 AM

I have found the same issue.  Some of our Admins spun up 2012 WSUS clients in a DMZ and the traffic is not identified.  The default port is 8530 as dieterb reported.  I will just use an app-override to cope.

Cheers,

Mike

0 Likes Likes

gwesson
L7 Applicator
In response to msullivan

‎01-02-2014 09:22 AM

You could always report it without creating a case if you want to just supply basic info to the application team:

http://researchcenter.paloaltonetworks.com/submit-an-application/

That link allows you to submit an app along with your company and email so the content team can get in touch if they need more info. If you have a packet capture, even better. If not, the content team may still be able to redefine that traffic.

Hope this helps,

Greg

0 Likes Likes
  • 3602 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks