We are using WSUS to manage our Windows updates. It's hosted on Windows Server 2012 and runs smoothly.
We recently added a Windows Server 2012 in DMZ and pointed it to our WSUS server:
server --- DMZ --- PA2020 --- LAN --- WSUS server
The PA2020 does not recognize specific WSUS traffic to the WSUS server.
That is: most detecting/reporting passes fine as application ms-sms.
The actual downloading of updates is not recognized as ms-update, but as web-browsing. That traffic is on the non-default http port 8530 (this is in fact the default port voor WSUS). Our other servers in DMZ (Windows Server 2008 R2) update fine and their traffic to the WSUS server is identified as expected (ms-update).
We are on app definition version 391-1924.
Anyone else seeing similar behaviour ?