Enable Windows Updates Through the HTTP-Proxy

Windows Update servers identify the content they deliver to a computer as a generic binary stream (such as octet stream), which is blocked by the default HTTP proxy rules. To allow Windows updates through the HTTP-proxy, you must edit your HTTP-Client proxy ruleset to add HTTP-proxy exceptions for the Windows Update servers.

  1. Make sure that your XTM device allows outgoing connections on port 443 and port 80.
    These are the ports that computers use to contact the Windows Update servers.
  2. On the Edit page of the proxy action, select the HTTP Proxy Exceptions category.
  3. In the text box, type or paste each of these domains, and click Add after each one:
    *.windowsupdate.com
    *.microsoft.com
    *.windows.com
  4. Click Save.

If You Still Cannot Download Windows Updates

If you have more than one HTTP-proxy policy, make sure that you add the HTTP exceptions to the correct policy and proxy action.

Microsoft does not limit updates to only these domains. Examine your log messages for denied traffic to a Microsoft-owned domain. Look for any traffic denied by the HTTP-proxy. The log message details should include the domain. Add any new Microsoft domain to the HTTP-proxy exceptions list, and then run Windows Update again.

See Also

HTTP-Proxy: Exceptions

About the HTTP-Proxy

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base