Windows Update issues - Windows 10

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows Update issues - Windows 10

L4 Transporter

I am currently troubleshooting an issue on PAN-OS 8.0.4 regarding the ability for Windows 10 / Windows Server 2016 to update via Windows Update.  Windows Update for Windows 7 is working fine, however any time I try to download updates on Windows 10 (Creators Update) it fails unless i add a the subnets below to exclude them from decryption.  As the App-ID ms-update does not decrypt by default, I'm wondering if there has been a change in data stream which is causing some Windows Update traffic to be identified as ssl rather than ms-update.  

 

Subnets excluded to get this to work: 64.4.0.0/18, 65.52.0.0/14

 

X.X.X.X-->64.4.54.18 76370000... 169 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
X.X.X.X-->65.55.252.202 59010000... 209 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

 

Has anyone else seen this issue as of recently?  I am trying to avoid opening up these entire subnets.

 

- Matt

2 REPLIES 2

L2 Linker

Perhaps this was fixed in 8.0.5

 

There is a fix listed

 

PAN-77171

Fixed an issue where the firewall discarded sessions that required the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher for SSL decryption

L1 Bithead

Add these url`s to no-decrypt:

 

*.mp.microsoft.com/
*.microsoft.com
fe2.w2.microsoft.com

  • 2957 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!