Allow only window update on servers

Moneeb Lv2Posted 28 Aug 2023 14:27

Dear All,

I have blocked the internet on my DMZ zone and now i want to allow only windows update for DMZ. I have tried it through application control policy but it isn't working. Kindly suggest if there is another way.

ArsalanAli has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Open troubleshooting and check what ports and URLs are blocking, while updating windows. Then Allow them indvisually
Is this answer helpful?
Newbie517762 Lv5Posted 31 Aug 2023 11:35
  
HiHi,

If your configuration is in order, I kindly suggest reaching out to the Sangfor Technical Team for a prompt resolution to this issue.
Moneeb Lv2Posted 30 Aug 2023 13:55
  
Already done that. Actually I have already configured the basic configuration as I found on internet to enable the windows update but it isn't working. I need specifically the method/steps need to configure on Sangfor NGAF 8.0.47. If there is any document/video related to it available then kindly share.

CLELUQMAN Lv4Posted 30 Aug 2023 11:28
  
"only windows update for DMZ" put this policy at the top, before the " blocked the internet on my DMZ" inside the application control policy
Moneeb Lv2Posted 29 Aug 2023 18:44
  
Kindly give the solution specifically for Sangfor NGAF 8.0.47 not any general firewall.
Ann Max Lv2Posted 29 Aug 2023 17:22
  

Sure, I can help you with that. Here are the steps on how to allow only Windows Update for DMZ through firewall rules:

Identify the IP addresses of the Microsoft Windows Update servers. You can find these IP addresses on the Microsoft website.
Create a firewall rule that allows traffic from the DMZ to the Microsoft Windows Update servers. The rule should allow traffic on ports 80 and 443.
If you are using a firewall that supports URL filtering, you can also create a rule that allows traffic to the specific URLs that are used by Windows Update.
Here is an example of a firewall rule that allows traffic to the Microsoft Windows Update servers:

Rule Name: Allow Windows Update
Source: DMZ
Destination: Microsoft Windows Update Servers
Protocol: TCP
Ports: 80, 443
Action: Allow
Once you have created the firewall rule, Windows Update should be able to download updates from the Microsoft Windows Update servers.

If you are still having problems, you can contact your firewall vendor for support.

Here are some additional things to keep in mind:

Make sure that the firewall rule is applied to all interfaces that are connected to the DMZ.
If you are using a firewall that supports application control, you can also create an application control rule that allows Windows Update traffic.
You may also need to configure your DNS server to point the DMZ to the Microsoft Windows Update servers.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders