LadaNemecek
Participant

Problem with Windows Update

Hi,

Can anybody help/advise what to check/where to start with Win update problems?

Customer running a 6400 cluster on R81, HTTPS inspection on,

enabled_blades fw vpn urlf av appi ips identityServer SSL_INSPECT anti_bot ThreatEmulation mon Scrub

 

Reporting the problem with direct winupdate; local WSUS updates are fine. According to them, the differences between the non-CP subnet and the CP-controlled subnet are:

- servers cannot find updates/cannot download updates most of the time,

- updates are sometimes found after several tries,

- time to find/download an update is 10 times longer behind CP

 

As far as I know, Update services should be bypassed implicitly + the HTTPS policy contains rules:

Capture.PNG

 

 

The log does not show any Microsoft-related connections processed by inspection / blocked (a little bit weird log from TE, which is not enabled for this subnet..), but as a result I have no idea where to look further.

Capture2.PNG

 

Thanks for tips here,

LN

3 Replies
the_rock
Legend

First thing I would look at are drops in dashboard. Then, run zdebug on the firewall filtering for IP address of the affected machine...say IP is 10.10.10.35, you would do fw ctl zdebug + drop | grep 10.10.10.35 from expert mode of the firewall or whichever one is master, if cluster. If that does not show anything either, then I would dig deeper with tcpdump and fw monitor, also filter for specific IP.

 

Andy

LadaNemecek
Participant

Didn't directly check fw ctl zdebug drops so far... but in SmartLog there are no relevant drops. In addition, I don't think it's a hard network/firewalling error.

Looks to me like an intercepting problem (sometimes OK, sometimes not, takes longer, problem running across servers...), that's why I'm suspecting URL filtering and HTTPS inspection

the_rock
Legend

Easiest way to tell is if you disable https inspection and test...never seen url filtering cause this, but logs would show it, for sure.
