Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » How to Allow Windows Updates directly from Microsoft?
  •  
G.L.M.

Messages: 26
Karma: 0
Send a private message to this user
I want to block web browsing while allowing Microsoft updates.
https://technet.microsoft.com/en-us/library/bb693717.aspx lists the permitted URLs. How implement this in Kerio Control 8?

Thanks in advance.
Regards.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Kerio Control already has a URL group configured for Microsoft Updates. It's located at Definitions-->URL Groups-->Microsoft Updates. This group is embedded within a larger group called Automatic Updates.

If you look within Content Filtering, you should see a default rule that permits traffic to the URL's contained within Automatic Updates.

Ken Snyder
  •  
G.L.M.

Messages: 26
Karma: 0
Send a private message to this user
Thanks for your response.

There is not default rule nor Automatic Updates group. Howecer, there is Microsoft Updates URL group, so I assume that's ok.

I have set a rule that permits traffic to the URL's contained within Microsoft Updates:

- Detected content: Microsoft Update
- Source: IP Address Group containing the IP addresses of machines allowed to get automatic updates.
- Action: Allow (w/o additional settings)

Does not work, machines are blocked by "Block other traffic" default traffic rule.

I don't understand how content filter work, I have not used it so far. How content filter is related to traffic rules?

Not related, can an IP Address Group contain URLs like URLs Group (including wildcards)?

Regards.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
The order of your rules is very important. If you have "Block" before "Allow" then allow never gets evaluated and, hence, you are blocked. See our knowledge base: http://kb.kerio.com and, specifically, http://kb.kerio.com/1513

[Updated on: Fri, 24 July 2015 20:30]


Ken Snyder
  •  
G.L.M.

Messages: 26
Karma: 0
Send a private message to this user
I have added a traffic rule allowing HTTP/HTTPS from MS_AU_ALLOWED IP Address Group to Internet Interfaces, set before the default "Block other traffic" rule. Now MS_AU_ALLOWED machines can reach any Internet site. This is bad in our scenario. So I have added a content rule denying any detected content from source MS_AU_ALLOWED; this second content rule is set after the content rule allowing Microsof Updates. But MS_AU_ALLOWED machines still can reach any Internet site. Why?



  •  
Petr Dobry (Kerio)

Messages: 778
Karma: 61
Send a private message to this user
Content filter rules are applied to HTTP/HTTPS traffic on top of the traffic rules.
You need to create a traffic rule allowing those computers access to the internet.
Then you can create a content filter rule allowing Microsoft Update. Next you need to create a content rule blocking all other URLs and put it directly below the previous rule.
Both content filter rules should be limited to specific IP address group (Source).

Petr Dobry
Product Development Manager | Kerio

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Looking for help ? - http://kb.kerio.com
Previous Topic: DNS resolution troubles after upgrading to 8.6 patch 1
Next Topic: Control on UPS
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Apr 24 17:11:37 CEST 2017

Total time taken to generate the page: 0.00420 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.