Microsoft Updates require inbound rules?

Hi, 

I am facing a strange issue with regard to Microsoft Updates. I can see connection drops in the context explorer for Microsoft updates. In the logs I can see that there is inbound traffic being blocked by the FTD with a source port of 443, probably from a Microsoft update server. Since these updates are a response to a request initiated from the internal networks, shouldn't the inbound traffic be allowed automatically by the firewall?

Another strange thing I found is that we do not need to explicitly allow Microsoft Update or Windows Update as an application in the rules. Just by allowing DNS, HTTP and HTTPS it works. I can't see the Microsoft Update application as a denied application in the application statistics dashboard.

Has anyone faced a similar issue with Microsoft updates on FTD version 6.2.0?

Vaibhav

1 Reply

Dinesh Verma (Cisco Employee)

If you're not able to conclude the reason for the drops from the connection events and other data, then try firewall-engine-debug and initiate the intended traffic from one of the machines. It would give more insight. Log in to the FTD device and run this command, e.g.:

> system support firewall-engine-debug

Please specify an IP protocol:
Please specify a client IP address: 172.16.10.10
Please specify a client port:
Please specify a server IP address:
Please specify a server port: 443

It's one of the nicest commands for seeing what is happening with the traffic being sent. Hope you get some more info from this about the issue.

Regards,

Dv
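As an added example that is not part of the original thread (not the poster's or Cisco's code): a small Python script that groups firewall-engine-debug output by flow, pulls out the matching access-control rule and verdict for each flow, and flags a flow whose 5-tuple is the exact reverse of an earlier allowed flow yet is evaluated as its own "New session". That is the pattern worth looking for with the symptom described above, because return traffic for a connection the firewall is tracking should not be evaluated against the policy as a fresh session. The sample lines are constructed, and the line layout (5-tuple, then a free-text event) is an assumption modelled on typical firewall-engine-debug output; adjust LINE_RE and RULE_RE if the real output from your device differs.

```python
import re
from collections import OrderedDict

# Constructed sample in the style of `system support firewall-engine-debug`.
# The layout is an assumption, not a capture from the poster's FTD:
# "<src>-<sport> > <dst>-<dport> <proto> AS <n> I <n> <event text>"
SAMPLE_DEBUG = """\
> system support firewall-engine-debug
172.16.10.10-51234 > 13.107.4.50-443 6 AS 1 I 0 New session
172.16.10.10-51234 > 13.107.4.50-443 6 AS 1 I 0 Starting with minimum 2, 'Allow Web', and SrcZone first with zones 1 -> 2
172.16.10.10-51234 > 13.107.4.50-443 6 AS 1 I 0 match rule order 2, 'Allow Web', action Allow
172.16.10.10-51234 > 13.107.4.50-443 6 AS 1 I 0 allow action
13.107.4.50-443 > 172.16.10.10-51234 6 AS 1 I 0 New session
13.107.4.50-443 > 172.16.10.10-51234 6 AS 1 I 0 match rule order 4, 'Default Action', action Block
13.107.4.50-443 > 172.16.10.10-51234 6 AS 1 I 0 deny action
"""

# Assumed line layout; the prompt line and anything else that does not match is skipped.
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+)-(?P<sport>\d+) > (?P<dst>[\d.]+)-(?P<dport>\d+) "
    r"(?P<proto>\d+) AS (?P<as>\d+) I (?P<inst>\d+) (?P<event>.*)$"
)
RULE_RE = re.compile(
    r"match rule order (?P<order>\d+), '(?P<name>[^']*)', action (?P<action>\w+)"
)


def parse_debug(text):
    """Group debug lines by flow 5-tuple (src, sport, dst, dport, proto), in first-seen order."""
    flows = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["proto"]))
        flows.setdefault(key, []).append(m["event"])
    return flows


def summarize(flows):
    """For each flow: matched rule, configured action, final verdict, and whether it
    was a brand-new session that mirrors an already allowed flow."""
    summary = OrderedDict()
    for key, events in flows.items():
        info = {"rule": None, "order": None, "action": None, "verdict": None,
                "new_session": False, "reverse_of_allowed": False}
        for ev in events:
            if ev == "New session":
                info["new_session"] = True
            rm = RULE_RE.search(ev)
            if rm:
                info["rule"] = rm["name"]
                info["order"] = int(rm["order"])
                info["action"] = rm["action"]
            if ev.endswith("allow action"):
                info["verdict"] = "allow"
            elif ev.endswith("deny action"):
                info["verdict"] = "deny"
        summary[key] = info

    # Second pass: a flow that is the reverse tuple of an allowed flow, yet was
    # created as its own new session, was not matched as return traffic.
    for key, info in summary.items():
        src, sport, dst, dport, proto = key
        other = summary.get((dst, dport, src, sport, proto))
        if other is not None and other["action"] == "Allow" and info["new_session"]:
            info["reverse_of_allowed"] = True
    return summary


def report(summary):
    """Render one line per flow; returns the lines so they can be checked or printed."""
    lines = []
    for (src, sport, dst, dport, proto), info in summary.items():
        flag = "  <-- return direction evaluated as a new session" if info["reverse_of_allowed"] else ""
        lines.append(
            f"{src}:{sport} -> {dst}:{dport}/{proto}: rule={info['rule']!r} "
            f"order={info['order']} action={info['action']} verdict={info['verdict']}{flag}"
        )
    return lines


if __name__ == "__main__":
    for line in report(summarize(parse_debug(SAMPLE_DEBUG))):
        print(line)
```

Run it against a saved copy of the real debug session (redirect the CLI output to a file and pass its contents to parse_debug). A flagged flow tells you the firewall did not associate the server-to-client packets with the client-initiated connection, which is what to investigate next; which rule the forward flow hits, and in which order, is shown alongside so you can confirm the outbound side is doing what you expect.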
