Thread Info
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 14095 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues with windows update since moving to Sophos web gateway.

CharlesMcNeill

We have recently (in the last 6 months) switched from Trend Micro products to Sophos.  We have had issues downloading windows updates since the switch.  Sometimes they take hours,  sometimes it can run for days, before the updates install.  Any suggestions?


We have caching turned off.  We have https: scanning turned off.  We are on version 4.2.1.3 of the web gateway.  I have allowed microsoft.com and windowsupdate.com in the local site list.  Can anyone help with suggestions as far as what to look at next?


Thanks

Charles



This thread was automatically locked due to age.
Parents

  • That being said, I'm leaning toward the problem being with the BITS range requests.  The SWA typically does not allow range requests (download the middle of a file) because they cannot be virus scanned.  When Microsoft does background downloading up updates they use BITS which does this.  But if I recall correct we trust all Microsoft servers so the BITS should work.

    I would contact Support, because I don't think your problem is typical.

  • in reply to Michael Dunn

    I have opened a support ticket for this issue.  #6015577.  The only answer I can get from support is:

    You may need to create a rule in your firewall for all traffic from Windows update should not pass thru the appliance anymore.You may need to create a rule in your firewall for all traffic from Windows update should not pass thru the appliance anymore.

    I never had to create a rule like this when we had Trend Micro.  I don't understand why the web appliance would block windows update traffic even though I have added microsoft.com and windowsupdate.com to my local site list.  And if it's blocking that, what else is it blocking?

    Thanks

    Charles

  • in reply to CharlesMcNeill

    When you say that you put it in the Local Site List, did you also set the Risk to Trusted?

    I would continue with support.  Creating a firewall rule would work, but is not the normal solution.  It bypasses the problem rather than resolves it.

  • in reply to Michael Dunn

    I have not given up on the support ticket yet.  I did reply asking why I have to do that when I didn't with Trend.  I did go into the local site list and make windowsupdate.com and microsoft.com trusted websites.

    Thanks

    Charles

Reply Children
Unfiltered HTML