ms update traffic blocked by Layer 7 filtering

Marco Mancini 60 Reputation points
2023-12-06T09:37:04+00:00

Hello, we are experiencing traffic blocked by palo alto firewall on layer 7 filtering.

Even though the app ms-update and all its dependiencise include all the required ports, the client is generating a traffic on port 8530 detected as web-browsing one, hence being blocked.
see attachments.

The WUA server was set like http://SERVERURL:8530, could it be this the reason to having wrong kind of traffic generated?
From Palo Alto side we got info that all the application signatures are up to date and matching the expected behaviour of the application.
please kindly advice, thanks!

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,008 questions
0 comments No comments
{count} votes

Accepted answer
  1. AllenLiu-MSFT 42,901 Reputation points Microsoft Vendor
    2023-12-07T06:28:01.53+00:00

    Hi, @Marco Mancini

    Thank you for posting in Microsoft Q&A forum.

    It seems the issue is not related to SCCM, the tag "Microsoft Configuration Manager Updates" is a SCCM tag.

    I found a similar thread to your issue, you may check it to see if it helps:

    https://live.paloaltonetworks.com/t5/general-topics/ms-updates-blocked/m-p/279445#M75710

    And you may ask it in paloalto community:

    https://live.paloaltonetworks.com/t5/general-topics/bd-p/members_discuss


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

    0 comments No comments

0 additional answers

Sort by: Most helpful