How to Block Web Browsing while Allowing Microsoft Updates
82807
Created On 09/25/18 17:39 PM - Last Modified 01/30/25 22:40 PM
Environment
- PAN-OS 7.1
- Palo Alto Firewall.
Procedure
The following procedure will block web browsing while allowing Microsoft updates.
- Create a URL filter to block all URL categories using GUI: Objects > Security Profiles > URL Filtering
- Add the following sites to the allow list:
windowsupdate.microsoft.com
*.microsoft.com
download.windowsupdate.com
*.windowsupdate.com
- Create a security policy to allow the following applications:
- Go to Policies > Security and add a new rule. Under Application, include ms-update and web-browsing
- Under Profile add the URL filter created for ms-update.