How to Block Web Browsing while Allowing Microsoft Updates
80229
Created On 09/25/18 17:39 PM - Last Modified 01/04/21 22:07 PM
Environment
- PAN-OS 7.1
- Palo Alto Firewall.
Resolution
The following procedure will block web browsing while allowing Microsoft updates.
- Create a URL filter to block all URL categories using GUI: Objects > Security Profiles > URL Filtering
- Add the following sites to the allow list:
windowsupdate.microsoft.com
*.microsoft.com
download.windowsupdate.com
*.windowsupdate.com
- Create a security policy to allow the following applications:
- Go to Policies > Security and add a new rule. Under Application, include ms-update and web-browsing
- Under Profile add the URL filter created for ms-update.