Just for your info.
Windows 10 devices had trouble updating with resulting error 0x80245006
There were no usefull errors on my XG 18 firewall, just "HTTP parsing error encountered."
At that time I start changing firewall rules which did not help.
Then checked the Sophos Log viewer again with only the SSL/TLS inspection Module.
There were som Green/Blue slots, does not look like a error to me but checking the url's there were some Microsoft domains.
I have put these Microsoft Domains in the "Local TLS exclusion list" and Windows 10 devices start updating.
Why are those Domains not on Sophos TLS Exclusions list??
These are the domains I have put on "Local TLS exclusion list" (don't think they all have to be there but worked for me)
slscr.update.microsoft.com, licensing.mp.microsoft.com, fe3cr.delivery.mp.microsoft.com, client.wns.windows.com, fe2cr.update.microsoft.com
This thread was automatically locked due to age.
