Hi Aditya Sir,

sudhakar346 · ‎03-17-2016

Hi All,

I have an isolated network setup where the desktop need to have a windows path updates from the internet and rest is need to blocked

I tried with object and fqdn, on which we are unable to access the windows patch updates successfully

Thank you

sudhakar

Aditya Ganjoo · ‎03-17-2016

Hi Sudhakar,

I understand you want to allow MS updates through the ASA.As per their link we have a lot of FQDN's for the same. Some of them have wildcards as well.

We want to allow the servers to download windows-updates and therefore try to create rules for every windows-update domain from microsoft:

https://technet.microsoft.com/de-de/library/bb693717.aspx

However, some of the listed domains require a wildcard, which we cannot create as an network object. Without these wildcard-domains, windows-update does not work.

If you want to accomplish that in the ASA, the best option would be to use the Modular Policy Framework and L7 filtering, you will match the URL with regex. This is explained in this document along with some real examples, please take a look at it and let me know if you have any question:

https://supportforums.cisco.com/document/7201/asa-url-filtering-without-websense-or-n2h2smartfilter-server

Regards,

Aditya

Please rate helpful posts.

sudhakar346 · ‎05-14-2016

Hi Aditya Sir,

i tried using moduler frame but, unable to do the same, can you please suggest any working example so i can check the same.

Thank you very much for your support

Thanks and Regards

Sudhakar

Windows Update from cisco ASA