XG 19.5.0 GA.
I am attempting to run Windows Update; however, the update cannot complete. The web filter log is showing "HTTP parsing error encountered". Windows updates are excluded from HTTPS scanning, zero-day protections, and policy checks as the default option in the web filter exclusions. The web filter log is showing that something in my web policy is blocking it, but the log entry is not telling me which category it is.
2023-03-04 12:06:54 Web filter messageid="16002" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" fw_rule_id="1" fw_rule_name="Basic Outgoing" fw_rule_section="Local rule" user="" user_group="" web_policy_id="4" web_policy="Blocked sites" category="" category_type="Acceptable" url="" content_type="" override_token="" src_ip="192.168.1.30" dst_ip="52.159.127.243" protocol="TCP" src_port="1833" dst_port="443" bytes_sent="0" bytes_received="0" domain="" exception="" activity_name="" reason="HTTP parsing error encountered." user_agent="" status_code="403" transaction_id="74e38bd2-c425-487f-af5a-e7ba75fb2894" referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id="2725161472" app_name="" app_is_cloud="0" override_name="" override_authorizer="" used_quota="0"
I did a reverse IP lookup on 52.159.127.243 and it is an IP belonging to Microsoft.
The categories I have blocked are:
Advertisements
Command & control
CRL and OCSP
Parked Domain
Peer-to-peer torrents
Personal sites
Phishing and Fraud
Spam URLs
Spyware & Malware
Uncategorized.
One of these categories is causing Windows update to fail according to the web filter that is saying the IP is part of my blocked sites policy. The firewall rule is applying this policy to all web traffic going from LAN to WAN.
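An added example, not part of the original post and not Sophos code: a small parser for the key="value" log format shown above that picks out denied entries carrying no category and no URL and groups them by destination IP and reason. The first sample line is the post's entry cut down to the fields used; the other two lines, including their IPs and URLs, are constructed for contrast.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the web filter log line from the post
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: line 1 is the post's entry reduced to the fields used
# here; lines 2 and 3 are invented (documentation IP range, example.com).
SAMPLE_LINES = [
    'messageid="16002" log_subtype="Denied" web_policy="Blocked sites" '
    'category="" url="" domain="" dst_ip="52.159.127.243" dst_port="443" '
    'reason="HTTP parsing error encountered." status_code="403"',
    'log_subtype="Denied" web_policy="Blocked sites" '
    'category="Advertisements" url="http://ads.example.com/" '
    'domain="ads.example.com" dst_ip="203.0.113.10" dst_port="80" '
    'reason="" status_code="403"',
    'log_subtype="Allowed" web_policy="Blocked sites" '
    'category="" url="" domain="" dst_ip="203.0.113.20" dst_port="443" '
    'reason="" status_code="200"',
]


def parse_entry(line):
    """Return every key="value" pair of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def is_uncategorised_denial(fields):
    """True for a denied entry that names neither a category nor a URL."""
    return (
        fields.get("log_subtype") == "Denied"
        and not fields.get("category")
        and not fields.get("url")
    )


def summarize(lines):
    """Count uncategorised denials per (dst_ip, reason)."""
    hits = Counter()
    for line in lines:
        fields = parse_entry(line)
        if is_uncategorised_denial(fields):
            hits[(fields.get("dst_ip", ""), fields.get("reason", ""))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (dst_ip, reason), count in summarize(SAMPLE_LINES).items():
        print(f"{count}x denied with empty category/url: {dst_ip} -> {reason}")
```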