How to block Windows update by using Firewall with URL Filter and DNS Filter?

In some situations, a network administrator may want to block LAN clients from reaching the Windows Update servers, so that updates are not installed without the users' awareness. This can be done with the router's firewall together with the URL filter and DNS filter: the firewall blocks the domains related to the Windows Update service. This note demonstrates how to set this up.

Setting on most of Vigor Routers

1. Go to the Objects Setting >> Keyword Object page and save the keywords as Keyword Objects:

a. Click an available profile index

b. Enter one of the following keywords as Name and Contents:

  • windowsupdate
  • update.microsoft
  • download.microsoft
  • ws.microsoft
  • ntservicepack.microsoft
  • wustat.windows

c. Click OK to save

2. Repeat step 1 to create a profile for each keyword.

3. Go to the CSM >> URL Content Filter Profile page and create a URL Content Filter profile:

a. Click an available profile index

 

b. Enter a Profile Name

c. Enable URL Access Control

d. Select Block as Action

e. Click Edit

f. Select the keyword objects created in the previous steps

g. Click OK to close the pop-up window, then click OK to save

4. Go to the CSM >> DNS Filter page and create a DNS Filter profile:

a. Click an available profile index

  

b. Enter a Profile Name

c. Select the profile created in the previous step as UCF

d. Click OK to save

 

5. Set up the firewall: go to the Firewall >> Filter Setup >> Filter Set 2 page:

a. Click an available rule index

 

b. Enable the Filter Rule

c. Enter a comment in Comments

d. Select LAN/DMZ/RT/VPN -> WAN as Direction

e. Select Pass Immediately as Filter

f. Select the profile created in the previous steps as URL Content Filter and DNS Filter

After finishing the above configuration, LAN clients will be blocked from reaching the Windows Update service.

Setting on Vigor3900, Vigor2960 or Vigor300B

1. Create a DNS Object: go to the Objects Setting >> Keyword / DNS Object page, DNS Object tab:

a. Click Add

 

b. Enter a Profile name

c. Click Add to input the following keywords:

  • windowsupdate
  • update.microsoft
  • download.microsoft
  • ws.microsoft
  • ntservicepack.microsoft
  • wustat.windows

d. Click Apply to save

 

2. Set up the firewall: go to the Firewall >> Filter Setup page, IP Filter tab:

a. Click Add

b. Enter a Group name

c. Enable this group

 

d. Click inside the group box

 

e. Enter a Profile name

f. Enable this profile

g. Select Block as Action

h. Select the profile created in the previous step as Destination DNS Object in Destination IP

i. Click Apply to save

After finishing the above configuration, LAN clients will be blocked from reaching the Windows Update service.
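Before applying the keyword list in either procedure, it helps to check which domain names it would actually match in your own DNS traffic. The following Python script is an added example, not DrayTek code: it assumes the filter does case-insensitive substring matching and that queries are logged in a dnsmasq-style format (both are assumptions), and it runs the article's keywords over a constructed sample log.

```python
import re
from collections import defaultdict

# Keywords taken from the article's Keyword / DNS objects.
KEYWORDS = ["windowsupdate", "update.microsoft", "download.microsoft",
            "ws.microsoft", "ntservicepack.microsoft", "wustat.windows"]

# Constructed sample log in a dnsmasq-style format (assumption: adapt the
# regex below to whatever your resolver or router syslog actually emits).
SAMPLE_LOG = """\
Jan 10 09:00:01 dnsmasq[412]: query[A] download.windowsupdate.com from 192.168.1.10
Jan 10 09:00:02 dnsmasq[412]: query[A] fe2.update.microsoft.com from 192.168.1.10
Jan 10 09:00:03 dnsmasq[412]: query[AAAA] WWW.Download.Microsoft.com. from 192.168.1.11
Jan 10 09:00:04 dnsmasq[412]: query[A] news.microsoft.com from 192.168.1.11
Jan 10 09:00:05 dnsmasq[412]: query[A] example.org from 192.168.1.12
Jan 10 09:00:06 dnsmasq[412]: reply example.org is 192.0.2.10
"""
QUERY_RE = re.compile(r"query\[[A-Z]+\]\s+(\S+)\s+from\s+\S+")

def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def matched_keyword(hostname, keywords=KEYWORDS):
    """First keyword contained in hostname, else None (assumes substring matching)."""
    host = normalize(hostname)
    return next((kw for kw in keywords if kw.lower() in host), None)

def audit(log_text, keywords=KEYWORDS):
    """Split queried names into {keyword: names} (would be blocked) and passed."""
    blocked, passed = defaultdict(set), set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (replies, forwards, noise)
        host = normalize(m.group(1))
        kw = matched_keyword(host, keywords)
        (blocked[kw] if kw else passed).add(host)
    return dict(blocked), passed

if __name__ == "__main__":
    blocked, passed = audit(SAMPLE_LOG)
    for kw, names in sorted(blocked.items()):
        print(f"{kw:24} matches {sorted(names)}")
    print("not matched:", sorted(passed))
```

Under the substring assumption, the sample shows news.microsoft.com being caught by the ws.microsoft keyword, so review the matched names for unintended blocks before enabling the profile.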
