topic Re: Firepower 1010 Windows update Wildcard policy in Network Security

Firepower 1010 Windows update Wildcard policy

sirajuddeen t p — Fri, 04 Sep 2020 08:40:40 GMT

Dear support team,

I have a requirement to allow only windows update from specific IP address to the internet. The firewall we use FTD1010.

we used below link as reference for the URLs and ports to be allowed for windows update.

https://answers.microsoft.com/en-us/windows/forum/all/need-windows-update-servers-ip-address-range-to/0b0d3618-f74c-411d-bb46-58bd605f7abe

Unfortunately FTD doesnt allow to use wildcard with the FQDN. Kindly advice if there is any method to achieve the requirement.

Re: Firepower 1010 Windows update Wildcard policy

Marvin Rhoads — Sat, 05 Sep 2020 11:57:01 GMT

Are you managing with FMC or with the on-box FDM?

For FMC there is an open source project that allows you to import the Microsoft )365 addresses as an object and then use that in an Access Control Policy rule.

https://github.com/chrivand/Firepower_O365_Feed_Parser

Re: Firepower 1010 Windows update Wildcard policy

sirajuddeen t p — Mon, 07 Sep 2020 10:39:22 GMT

Dear Marvin,

We are not using FMC. Small business purpose with on-box FDM.

Re: Firepower 1010 Windows update Wildcard policy

sirajuddeen t p — Fri, 18 Sep 2020 13:33:53 GMT

I was able to achieve this by adding URL object in the FTD.

microsoft.com

windows.com

s-microsoft.com

windowsupdate.com

Then created a URL group and added to above URL objects.

Then created a policy to inside to outside to allow selected URL group only.