How to Block Web Browsing while Allowing Microsoft Updates

How to Block Web Browsing while Allowing Microsoft Updates

82807
Created On 09/25/18 17:39 PM - Last Modified 01/30/25 22:40 PM


Environment


  • PAN-OS 7.1
  • Palo Alto Firewall.

Procedure


The following procedure will block web browsing while allowing Microsoft updates.

 

  1. Create a URL filter to block all URL categories using GUI: Objects > Security Profiles > URL Filtering
  2. Add the following sites to the allow list:
windowsupdate.microsoft.com
*.microsoft.com
download.windowsupdate.com
*.windowsupdate.com

 

  1. Create a security policy to allow the following applications:
    • Go to Policies > Security and add a new rule. Under Application, include ms-update and web-browsing
    • Under Profile add the URL filter created for ms-update.
url_1.JPG

 

url_2.jpg 

 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHXCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language