UTM Web Filter blocks Office Updates

Question

Hi guys, 
 I know this topic has been discussed a lot already. But all of a sudden we have that problem with many UTM installation at our clients. 
 We have done a lot of research and added all the exceptions we could find regarding this topic. However it is not working anymore. 
 If we set the Web Filter Exception to "coming from theses network" => "internal network" then the updates are working fine. So we are sure that web filter is the problem but of cource we can't leave this execption. It was only testing purpose. 
 Below you can see the list of exception we have already added but not working. Could someone help please? Our customers are using Office 2019 click to run and also Office 365. 
 Thanks in advance!! 
 ^([A-Za-z0-9.-]*\.)?officeapps\.live\.com/ ^([A-Za-z0-9.-]*\.)?online\.office\.com/ ^([A-Za-z0-9.-]*\.)?office\.live\.com/ ^([A-Za-z0-9.-]*\.)?cdn\.office\.net/ ^([A-Za-z0-9.-]*\.)?contentstorage\.osi\.office\.net/ ^([A-Za-z0-9.-]*\.)?onenote\.com/ ^([A-Za-z0-9.-]*\.)?cdn\.onenote\.net/ ^([A-Za-z0-9.-]*\.)?ajax\.aspnetcdn\.com/ ^([A-Za-z0-9.-]*\.)?apis\.live\.net/ ^([A-Za-z0-9.-]*\.)?www\.onedrive\.com/ ^([A-Za-z0-9.-]*\.)?auth\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?msftidentity\.com/ ^([A-Za-z0-9.-]*\.)?msidentity\.com/ ^([A-Za-z0-9.-]*\.)?account\.activedirectory\.windowsazure\.com/ ^([A-Za-z0-9.-]*\.)?accounts\.accesscontrol\.windows\.net/ ^([A-Za-z0-9.-]*\.)?adminwebservice\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?api\.passwordreset\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?autologon\.microsoftazuread-sso\.com/ ^([A-Za-z0-9.-]*\.)?becws\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?ccs\.login\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?clientconfig\.microsoftonline-p\.net/ ^([A-Za-z0-9.-]*\.)?companymanager\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?device\.login\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?graph\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?graph\.windows\.net/ ^([A-Za-z0-9.-]*\.)?login\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?login\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?login\.microsoftonline-p\.com/ ^([A-Za-z0-9.-]*\.)?login\.windows\.net/ ^([A-Za-z0-9.-]*\.)?logincert\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?loginex\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?login-us\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?nexus\.microsoftonline-p\.com/ ^([A-Za-z0-9.-]*\.)?passwordreset\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?provisioningapi\.microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?hip\.live\.com/ ^([A-Za-z0-9.-]*\.)?microsoftonline\.com/ ^([A-Za-z0-9.-]*\.)?microsoftonline-p\.com/ ^([A-Za-z0-9.-]*\.)?msauth\.net/ ^([A-Za-z0-9.-]*\.)?msauthimages\.net/ ^([A-Za-z0-9.-]*\.)?msecnd\.net/ ^([A-Za-z0-9.-]*\.)?msftauth\.net/ ^([A-Za-z0-9.-]*\.)?msftauthimages\.net/ ^([A-Za-z0-9.-]*\.)?phonefactor\.net/ ^([A-Za-z0-9.-]*\.)?enterpriseregistration\.windows\.net/ ^([A-Za-z0-9.-]*\.)?management\.azure\.com/ ^([A-Za-z0-9.-]*\.)?policykeyservice\.dc\.ad\.msft\.net/ ^([A-Za-z0-9.-]*\.)?compliance\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?protection\.office\.com/ ^([A-Za-z0-9.-]*\.)?security\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?defender\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?account\.office\.net/ ^([A-Za-z0-9.-]*\.)?portal\.cloudappsecurity\.com/ ^([A-Za-z0-9.-]*\.)?suite\.office\.net/ ^([A-Za-z0-9.-]*\.)?aria\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?events\.data\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?o365weve\.com/ ^([A-Za-z0-9.-]*\.)?amp\.azure\.net/ ^([A-Za-z0-9.-]*\.)?appsforoffice\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?assets\.onestore\.ms/ ^([A-Za-z0-9.-]*\.)?auth\.gfx\.ms/ ^([A-Za-z0-9.-]*\.)?c1\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?dgps\.support\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?docs\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?msdn\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?platform\.linkedin\.com/ ^([A-Za-z0-9.-]*\.)?prod\.msocdn\.com/ ^([A-Za-z0-9.-]*\.)?shellprod\.msocdn\.com/ ^([A-Za-z0-9.-]*\.)?support\.content\.office\.net/ ^([A-Za-z0-9.-]*\.)?support\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?technet\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?videocontent\.osi\.office\.net/ ^([A-Za-z0-9.-]*\.)?videoplayercdn\.osi\.office\.net/ ^([A-Za-z0-9.-]*\.)?office365\.com/ ^([A-Za-z0-9.-]*\.)?aadrm\.com/ ^([A-Za-z0-9.-]*\.)?azurerms\.com/ ^([A-Za-z0-9.-]*\.)?informationprotection\.azure\.com/ ^([A-Za-z0-9.-]*\.)?ecn\.dev\.virtualearth\.net/ ^([A-Za-z0-9.-]*\.)?informationprotection\.hosting\.portal\.azure\.net/ ^([A-Za-z0-9.-]*\.)?o15\.officeredir\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?officepreviewredir\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?officeredir\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?r\.office\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?activation\.sls\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?crl\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?office15client\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?officeclient\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?insertmedia\.bing\.office\.net/ ^([A-Za-z0-9.-]*\.)?go\.microsoft\.net/ ^([A-Za-z0-9.-]*\.)?cdn\.odc\.officeapps\.live\.com/ ^([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?officecdn\.microsoft\.com\.edgesuite\.net/ ^([A-Za-z0-9.-]*\.)?entrust\.net/ ^([A-Za-z0-9.-]*\.)?geotrust\.com/ ^([A-Za-z0-9.-]*\.)?omniroot\.com/ ^([A-Za-z0-9.-]*\.)?public-trust\.com/ ^([A-Za-z0-9.-]*\.)?symcb\.com/ ^([A-Za-z0-9.-]*\.)?symcd\.com/ ^([A-Za-z0-9.-]*\.)?verisign\.com/ ^([A-Za-z0-9.-]*\.)?verisign\.net/ ^([A-Za-z0-9.-]*\.)?apps\.identrust\.com/ ^([A-Za-z0-9.-]*\.)?cacerts\.digicert\.com/ ^([A-Za-z0-9.-]*\.)?cert\.int-x3\.letsencrypt\.org/ ^([A-Za-z0-9.-]*\.)?crl\.globalsign\.com/ ^([A-Za-z0-9.-]*\.)?crl\.globalsign\.net/ ^([A-Za-z0-9.-]*\.)?crl\.identrust\.com/ ^([A-Za-z0-9.-]*\.)?crl3\.digicert\.com/ ^([A-Za-z0-9.-]*\.)?crl4\.digicert\.com/ ^([A-Za-z0-9.-]*\.)?isrg\.trustid\.ocsp\.identrust\.com/ ^([A-Za-z0-9.-]*\.)?mscrl\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?ocsp\.digicert\.com/ ^([A-Za-z0-9.-]*\.)?ocsp\.globalsign\.com/ ^([A-Za-z0-9.-]*\.)?ocsp\.msocsp\.com/ ^([A-Za-z0-9.-]*\.)?ocsp2\.globalsign\.com/ ^([A-Za-z0-9.-]*\.)?ocspx\.digicert\.com/ ^([A-Za-z0-9.-]*\.)?secure\.globalsign\.com/ ^([A-Za-z0-9.-]*\.)?www\.digicert\.com/ ^([A-Za-z0-9.-]*\.)?www\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?config\.office\.net/ ^([A-Za-z0-9.-]*\.)?manage\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?office\.com/ ^([A-Za-z0-9.-]*\.)?cdnprod\.myanalytics\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?myanalytics\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?myanalytics-gcc\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?workplaceanalytics\.cdn\.office\.net/ ^([A-Za-z0-9.-]*\.)?azure-apim\.net/ ^([A-Za-z0-9.-]*\.)?flow\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?powerapps\.com/ ^([A-Za-z0-9.-]*\.)?activity\.windows\.com/ ^([A-Za-z0-9.-]*\.)?ocsp\.int-x3\.letsencrypt\.org/ ^([A-Za-z0-9.-]*\.)?cortana\.ai/ ^([A-Za-z0-9.-]*\.)?admin\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?cdn\.uci\.officeapps\.live\.com/ ^([A-Za-z0-9.-]*\.)?microsoft\.com/ ^([A-Za-z0-9.-]*\.)?msocdn\.com/ ^([A-Za-z0-9.-]*\.)?office\.com/ ^([A-Za-z0-9.-]*\.)?office\.net/ ^([A-Za-z0-9.-]*\.)?onmicrosoft\.com/ ^([A-Za-z0-9.-]*\.)?ntservicepack\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?emdl\.ws\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?dl\.delivery\.mp\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?windowsupdate\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?update\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?wustat\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?windowsupdate\.com/ ^([A-Za-z0-9.-]*\.)?crl\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?download\.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?go\.microsoft\.com/ officecdn.microsoft.com.edgesuite.net Officecdn.microsoft.com ^https?://officecdn\.microsoft\.com ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com\.edgesuite\.net/ ^https?://officecdn\.microsoft\.com\.edgesuite\.net/ ^([A-Za-z0-9.-]*\.)?windows\.com/ ^([A-Za-z0-9.-]*\.)?officecdn.microsoft\.com/ ^([A-Za-z0-9.-]*\.)?officecdn.microsoft.com.edgesuite.net/ ^([A-Za-z0-9.-]*\.)?microsoft\.com/ ^([A-Za-z0-9.-]*\.)?windowsupdate\.com/

Amodin · Accepted Answer

Just change this in your Web Exceptions (include the https?:// in the one you have already, you have this RegEx entry) 
 
 ^https?://([A-Za-z0-9.-]*\.)?cdn\.office\.net/ 
 I find it really hard to believe that you need that many exceptions just to get updates, I have a total of four, three of them were auto installed.

UTM Web Filter blocks Office Updates

Top Replies