Hey everyone,
This is probably a super basic question, but I've been trying to figure it out for a while now and am just stumped. We have a Sophos UTM firewall deployed in the field with a PC that needs to get Windows updates. I've used this site as a reference for the DNS addresses, which I've added as network definitions and made into a DNS group: https://learn.microsoft.com/en-us/answers/questions/457840/what-are-the-ip-ranges-for-microsofty-windows-upda
I then wrote a firewall rule for that PC to be allowed to connect to that DNS group using HTTP and HTTPS and I've also written a country blocking exception rule for that Microsoft DNS group using HTTP and HTTPS as well.
When I trigger Windows updates on the PC and watch the live log though, I still see it being country blocked, which is where I'm stuck. Other than allowing traffic from each individual country that Microsoft could be using, which seems to change a lot, I can't figure out why it's still being country blocked. Would the country block exception not cover that?
Here are some screenshots of the rules for clarity:
https://imgur.com/a/isPvdlI
Thanks!