Windows Update servers identify the content they deliver to a computer as a generic binary stream (such as octet stream), which is blocked by the default HTTP proxy rules. To allow Windows updates through the HTTP-proxy, you must edit your HTTP-Client proxy ruleset to add HTTP-proxy exceptions for the Windows Update servers.
- Make sure that your Firebox allows outgoing connections on port 443 and port 80.
These are the ports that computers use to contact the Windows Update servers.
- In the HTTP Proxy Action configuration, select HTTP Proxy Exceptions.
- In the text box, type or paste each of these domains, and click Add after each one:
- Save the configuration.
If You Still Cannot Download Windows Updates
If you have more than one HTTP-proxy policy, make sure that you add the HTTP exceptions to the correct policy and proxy action.
Microsoft does not limit updates to only these domains. Examine your log messages for denied traffic to a Microsoft-owned domain. If you do not have a WatchGuard Log Server, run Windows Update and then review the log messages for your device. For more information, see Device Log Messages (Traffic Monitor). Look for any traffic denied by the HTTP-proxy. The log message details should include the domain. Add any new Microsoft domain to the HTTP-proxy exceptions list, and then run Windows Update again.