How to Block Web Browsing while Allowing Microsoft Updates

How to Block Web Browsing while Allowing Microsoft Updates

44153
Created On 09/25/18 17:39 PM - Last Modified 01/04/21 22:07 PM


Environment
  • PAN-OS 7.1
  • Palo Alto Firewall.


Resolution

The following procedure will block web browsing while allowing Microsoft updates.

 

  1. Create a URL filter to block all URL categories using GUI: Objects > Security Profiles > URL Filtering
  2. Add the following sites to the allow list:
windowsupdate.microsoft.com
*.microsoft.com
download.windowsupdate.com
*.windowsupdate.com
 
  1. Create a security policy to allow the following applications:
    • Go to Policies > Security and add a new rule. Under Application, include ms-update and web-browsing
    • Under Profile add the URL filter created for ms-update.
url_1.JPG
 
url_2.jpg 

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHXCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language