Windows Server 2012 ms-update

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Windows Server 2012 ms-update

L4 Transporter

We are using WSUS to manage our Windows updates. It's hosted on Windows Server 2012 and runs smoothly.

We recently added a Windows Server 2012 in DMZ and pointed it to our WSUS server:

server --- DMZ --- PA2020 --- LAN --- WSUS server

The PA2020 does not recognize specific WSUS traffic to the WSUS server.

That is: most detecting/reporting passes fine as application ms-sms.

The actual downloading of updates is not recognized as ms-update, but as web-browsing. That traffic is on the non-default http port 8530 (this is in fact the default port voor WSUS). Our other servers in DMZ (Windows Server 2008 R2) update fine and their traffic to the WSUS server is identified as expected (ms-update).

We are on app definition version 391-1924.

Anyone else seeing similar behaviour ?

5 REPLIES 5

L5 Sessionator

Can you please report this mis-identification to Support:

How to Validate and Report Application Misidentification

That's a lot of work for an issue thay may or may not exist...

If others report the same findings, I will properly report it.

However, in your howto it's not clear where that report should go: here in the thread or sending it to support (mail ??)

The document enlists all the steps to be performed before opening case with support.

In most of the case, PCAPs from Windows Server 2012 and Windows Server 2008 R2 should help in validating the application misidentification.

Traffic logs and show session id <id> o/p  from working and nonworking scenario would help in validating the mis-id.


L3 Networker

I have found the same issue.  Some of our Admins spun up 2012 WSUS clients in a DMZ and the traffic is not identified.  The default port is 8530 as dieterb reported.  I will just use an app-override to cope.

Cheers,

Mike

You could always report it without creating a case if you want to just supply basic info to the application team:

http://researchcenter.paloaltonetworks.com/submit-an-application/

That link allows you to submit an app along with your company and email so the content team can get in touch if they need more info. If you have a packet capture, even better. If not, the content team may still be able to redefine that traffic.

Hope this helps,

Greg

  • 3158 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!