FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
csharma85
Staff
Staff
Article Id 317605
Description This article describes how to allow only Edge and Windows updates for a Windows machine
Scope FortiGate.
Solution

For Edge updates, create a firewall policy with the below destination:

 

msedge.api.cdp.microsoft.com

*.dl.delivery.mp.microsoft.com

edge.microsoft.com

 

EdgeUpdatesPolicy.JPG

 

For Windows updates, create an Application Control profile allowing Windows updates only and then use it in a firewall policy with deep inspection enabled.

 

ApplicationControlProfile.JPG

 

ApplicationControlPolicy.JPG

 

With the below sequence of policies, the Windows machine will have access to only Edge and Windows updates:

 

Policy.JPG

Contributors