No Windows Updates with SSL Inspection

Spielkultur_1
Spielkultur_1 Posts: 13  Freshman Member
First Comment
edited April 2021 in Security

Hello together,

if the ssl inspection is turned on, no more windows updates can be executed on the clients. I have already read that it´s a certificate problem and that you have to exclude the windows update domains from the ssl inspection. I have already done that, but unfortunately it has brought nothing. I excluded the following domains from SSL inspection:

windowsupdate.microsoft.com 

update.microsoft.com 

download.windowsupdate.com 

redir.metaservices.microsoft.com 

images.metaservices.microsoft.com 

c.microsoft.com 

download.windowsupdate.com 

wustat.windows.com 

crl.microsoft.com


Can anyone help me with this problem?

Thanks!

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Spielkultur_1

    Can you help to check if there is any other domain related to Microsoft in USG Certificate Cache List?  


    Certificate Cache List at “Monitor > UTM Statstics > SSL inspection > Certificate Cache List”


  • itxnc
    itxnc Posts: 98  Ally Member
    First Comment Friend Collector Sixth Anniversary
    edited October 2019
    Add *.mp.microsoft.com

    Fixed it for me.

Security Highlight