I am interested in finding the best method to restrict outbound traffic for clients. I would like to prevent one of my networks from reaching any internet destination, with a single exception for Microsoft Update. Microsoft gives the following URLs to which to allow HTTP or HTTPS traffic:
Layer 3 firewall rules won't work since Microsoft gives the * wildcard character in the URLs. Layer 7 firewall rules only allow denial, not permit. I suppose I could look into pairing a Layer 3 firewall rule allowing only TCP 80/443, then use content filtering perhaps? With what methods could this be achieved?
Hmmm, I've looked at the options and, to be honest, I am not sure you can do this. If you could schedule access rules, which you can't, you could schedule HTTP and HTTPS traffic at out-of-office hours to allow Windows Update to work, but right now I don't see any solution other than Windows Server Update Services.
One of the other guys/girls might have a solution.