Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FlavioB
New Contributor III

Created on ‎05-07-2012 05:23 AM

How to allow Windows Updates when using proxy with authentication?

Hello everybody. I got following setup: proxy on the Fortigate with FSSO Authentication (Active Directory based). Now I' d like to have Windows Updates to work without having to pass through authentication. I tried to set the exceptions in the proxy.pac file as follows: if (shExpMatch(url, " www.update.microsoft.com/*" )) { return " DIRECT" ; } Above lines didn' t help at all. Does anybody have any clue about how to get this thing correctly done? Thanks and kind regards, F.
4433
0 Kudos
3 REPLIES 3
rwpatterson
Valued Contributor III

Created on ‎05-07-2012 07:09 AM

Windows updates require more than one URL:
  • update.microsoft.com
  • windowsupdate.com
  • windowsupdate.microsoft.com Additionally for MS office updates, you could add
  • office.microsoft.com

    • Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    2513
    0 Kudos
    FlavioB
    New Contributor III
    In response to rwpatterson

    Created on ‎05-07-2012 07:35 AM

    Hy Bob, thanks for getting back to me. Following are the " exceptions" I pasted into my proxy.pac file: if (shExpMatch(url, " *.windowsupdate.microsoft.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " *.update.microsoft.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " *.windowsupdate.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " download.microsoft.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " wustat.windows.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " ntservicepack.microsoft.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " stats.microsoft.com/*" )) { return " DIRECT" ; } if (shExpMatch(url, " office.microsoft.com/*" )) { return " DIRECT" ; } This didn' t actually help, so I tried following the configuration a colleague of mine did for accessing iTunes Updates bypassing the proxy: he created also " shExpMatch" expressions in the proxy.pac file, but also added a local category to the webfilter profile called " direct-access" and put in there all the listed URLs. After doing this last step, Windows Updates are working again! F.
    2513
    0 Kudos
    rwpatterson
    Valued Contributor III
    In response to FlavioB

    Created on ‎05-07-2012 07:50 AM

    Glad it' s working. I haven' t messed with pac files since we had Blue Coat half a dozen years back. I forgot most of that stuff. I have only the 4 I posted above in my " Windows Updates" category and it seems to work fine.

    Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    2513
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.