ms update traffic blocked by Layer 7 filtering

Marco Mancini 60 Reputation points
2023-12-06T09:37:04+00:00

Hello, we are experiencing traffic blocked by palo alto firewall on layer 7 filtering.

Even though the app ms-update and all its dependiencise include all the required ports, the client is generating a traffic on port 8530 detected as web-browsing one, hence being blocked.
see attachments.

The WUA server was set like http://SERVERURL:8530, could it be this the reason to having wrong kind of traffic generated?
From Palo Alto side we got info that all the application signatures are up to date and matching the expected behaviour of the application.
please kindly advice, thanks!

Microsoft Security | Intune | Configuration Manager | Updates
0 comments No comments
{count} votes

Accepted answer
  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2023-12-07T06:28:01.53+00:00

    Hi, @Marco Mancini

    Thank you for posting in Microsoft Q&A forum.

    It seems the issue is not related to SCCM, the tag "Microsoft Configuration Manager Updates" is a SCCM tag.

    I found a similar thread to your issue, you may check it to see if it helps:

    https://live.paloaltonetworks.com/t5/general-topics/ms-updates-blocked/m-p/279445#M75710

    And you may ask it in paloalto community:

    https://live.paloaltonetworks.com/t5/general-topics/bd-p/members_discuss


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.