Windows Server 2012 ms-update

L4 Transporter

Windows Server 2012 ms-update

We are using WSUS to manage our Windows updates. It's hosted on Windows Server 2012 and runs smoothly.

We recently added a Windows Server 2012 in DMZ and pointed it to our WSUS server:

server --- DMZ --- PA2020 --- LAN --- WSUS server

The PA2020 does not recognize specific WSUS traffic to the WSUS server.

That is: most detecting/reporting passes fine as application ms-sms.

The actual downloading of updates is not recognized as ms-update, but as web-browsing. That traffic is on the non-default http port 8530 (this is in fact the default port for WSUS). Our other servers in DMZ (Windows Server 2008 R2) update fine and their traffic to the WSUS server is identified as expected (ms-update).

We are on app definition version 391-1924.

Anyone else seeing similar behaviour?

L5 Sessionator

Re: Windows Server 2012 ms-update

Can you please report this mis-identification to Support:

How to Validate and Report Application Misidentification

L4 Transporter

Re: Windows Server 2012 ms-update

That's a lot of work for an issue that may or may not exist...

If others report the same findings, I will properly report it.

However, in your howto it's not clear where that report should go: here in the thread or sending it to support (mail ??)

L5 Sessionator

Re: Windows Server 2012 ms-update

The document lists all the steps to be performed before opening a case with support.

In most cases, PCAPs from Windows Server 2012 and Windows Server 2008 R2 should help in validating the application misidentification.

Traffic logs and show session id <id> output from the working and non-working scenarios would help in validating the mis-id.


L3 Networker

Re: Windows Server 2012 ms-update

I have found the same issue. Some of our Admins spun up 2012 WSUS clients in a DMZ and the traffic is not identified. The default port is 8530 as dieterb reported. I will just use an app-override to cope.

Cheers,

Mike

L7 Applicator

Re: Windows Server 2012 ms-update

You could always report it without creating a case if you want to just supply basic info to the application team:

http://researchcenter.paloaltonetworks.com/submit-an-application/

That link allows you to submit an app along with your company and email so the content team can get in touch if they need more info. If you have a packet capture, even better. If not, the content team may still be able to redefine that traffic.

Hope this helps,

Greg
