IBM Support

Windows Updates fail with Outbound SSL inspection enabled on QRadar Network Security

Troubleshooting


Problem

If Outbound SSL decryption is enabled on QRadar Network Security (XGS), Windows Updates fail.

Resolving The Problem

To resolve the issue in firmware 5.3.1.1 or greater, add the following Outbound SSL Inspection Policy rule:

Action: Ignore
Source: Any
Destination: Any
Domain: Microsoft domain certificate

To resolve this issue in versions 5.3.0.0 - 5.3.1.0, add the following Outbound SSL Inspection Policy rule:

Action: Ignore
Source: Any
Destination: Any
Domain: Domain Certificate List

Note: The Domain Certificate List object should have *.update.microsoft.com in its URL List.

This rule must be placed above the rule defined as Source: Any, Destination: Any, Domain: Any, Action: Inspect. For example, if the Any, Any, Any, Inspect rule is rule 5, then the Windows Update rule must be at position 4 or less (that is, higher in the list).
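
The ordering requirement above, as an added example (not IBM's code and not the appliance's policy format): a small Python model that assumes top-down, first-match evaluation, which is what the ordering requirement implies, and flags an Ignore rule placed below the Any, Any, Any, Inspect rule. The rule field names, the sample hostname and wildcard matching through fnmatch are assumptions.

```python
from fnmatch import fnmatch

ANY = "Any"

def rule(action, domain, source=ANY, destination=ANY):
    # Field names are assumptions for this model, not the appliance's schema.
    return {"action": action, "source": source,
            "destination": destination, "domain": domain}

def domain_matches(domain, host):
    """domain is ANY or a list of wildcard patterns (the URL List entries)."""
    if domain == ANY:
        return True
    return any(fnmatch(host.lower(), pat.lower()) for pat in domain)

def decide(rules, host):
    """(1-based position, action) of the first rule matching host.
    Only Source/Destination 'Any' is modelled, as on the page."""
    for pos, r in enumerate(rules, start=1):
        if (r["source"] == ANY and r["destination"] == ANY
                and domain_matches(r["domain"], host)):
            return pos, r["action"]
    return None, None

def shadowed_ignore_rules(rules):
    """Positions of Ignore rules that sit below the Any/Any/Any Inspect rule
    and therefore can never be reached under first-match evaluation."""
    catch_all = next((pos for pos, r in enumerate(rules, start=1)
                      if r["action"] == "Inspect" and r["domain"] == ANY
                      and r["source"] == ANY and r["destination"] == ANY), None)
    if catch_all is None:
        return []
    return [pos for pos, r in enumerate(rules, start=1)
            if r["action"] == "Ignore" and pos > catch_all]

# Constructed sample policies and hostname.
WINDOWS_UPDATE = rule("Ignore", ["*.update.microsoft.com"])
INSPECT_ALL = rule("Inspect", ANY)
CORRECT_ORDER = [WINDOWS_UPDATE, INSPECT_ALL]
WRONG_ORDER = [INSPECT_ALL, WINDOWS_UPDATE]
HOST = "host1.update.microsoft.com"

if __name__ == "__main__":
    for name, policy in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(name, decide(policy, HOST), "shadowed:", shadowed_ignore_rules(policy))
```

In this model the wildcard entry does not match the bare name update.microsoft.com, so confirm how the appliance treats that case before relying on a single URL List entry.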
 


Document Information

Modified date:
23 January 2021

UID

swg21903062