Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Block Web Browsing while Allowing Microsoft Updates - Knowledge Base - Palo Alto Networks

How to Block Web Browsing while Allowing Microsoft Updates

80229
Created On 09/25/18 17:39 PM - Last Modified 01/04/21 22:07 PM


Environment


  • PAN-OS 7.1
  • Palo Alto Firewall.


Resolution


The following procedure will block web browsing while allowing Microsoft updates.

 

  1. Create a URL filter to block all URL categories using GUI: Objects > Security Profiles > URL Filtering
  2. Add the following sites to the allow list:
windowsupdate.microsoft.com
*.microsoft.com
download.windowsupdate.com
*.windowsupdate.com
 
  1. Create a security policy to allow the following applications:
    • Go to Policies > Security and add a new rule. Under Application, include ms-update and web-browsing
    • Under Profile add the URL filter created for ms-update.
url_1.JPG
 
url_2.jpg 

 

 



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHXCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language