Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6473
Views
0
Helpful
4
Replies

How to block Windows update services?

Go to solution
endpoint
Level 1
Level 1

‎05-09-2012 11:22 AM

We have a need to prevent windows update traffic to flow thru our network on certain dates. Basically this type of traffic will clog our mpls bandwidth preventing other type of traffic to flow. We are using up to some part QoS on out routers but it not working all the time. Eg, we put in ip address of one windows update server but updates are pulled of the other, then you enter second ip and updates are coming from third, etc.

I would like to explore other, a bit more controllable options utilizing Cisco's technology: ASA 8.4, IronPort WSA.

In summary, to create a traffic policy, not specific to IP addresses, that will kick in at certain date/time, be on for certain period of time and turned off after (automatically).

Any ideas, suggestions how to tackle this issues would be greatly appreciated.

Regards,.

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP
In response to endpoint

‎05-09-2012 12:10 PM

That is the point of the User Agent setting. (LOOK AT THE FIRST PICTURE, at the bottom and read what I wrote...)

The only application that it blocks is Microsoft's Windows Update.  (the stuff in teal is clickable...)

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ken Stieers
VIP
VIP

‎05-09-2012 11:50 AM

In WSA, go to Web Security Manager/Define Custom Time ranges, and create a time range, call it "Workday", set it for the time you want to block.

Create a new Access Policy, set the identies to All Users, click Advanced at the bottom.

Set the time range to the Workday time range.

Set the user agent to the Microsof Windows Updates (Its under Common User Agents/Others)

In the Protocols section of the policy, set it for "Define custom settings", and tell it to http, ftp, etc.

There are other ways to do it, creating an Identity for example, and then creating a policy for that, but this should work...

0 Helpful

Go to solution
endpoint
Level 1
Level 1
In response to Ken Stieers

‎05-09-2012 11:58 AM

That is my chalenge; i cannot block http or Native FTP because other business applications are using these protocols. I was wonderign to use regex-type of policy that will look for *microsoft.com* and block all related to this. For dates that i need to implement the policy i am not concern about web access to anything microsoft.com. How is regex used within WSA? Sorry i am new to WSA.

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to endpoint

‎05-09-2012 12:10 PM

That is the point of the User Agent setting. (LOOK AT THE FIRST PICTURE, at the bottom and read what I wrote...)

The only application that it blocks is Microsoft's Windows Update.  (the stuff in teal is clickable...)

0 Helpful

Go to solution
endpoint
Level 1
Level 1
In response to Ken Stieers

‎05-09-2012 12:23 PM

Great, thanks for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents