Windows 10 Updates Blocked
-
I am having an issue with Windows 10 update downloads and I am suspecting Snort is the offender.
This is my setup:
pfSense 2.6.0-RELEASE (amd64)
Squid 0.4.45_8
SquidGuard 1.16.18_20
Snort 4.1.5_2
pfBlockerNG 2.1.4_26In Snort I had incorrectly had the WAN interface enabled, switched it to LAN, set the IPS Policy selection to "Connectivity" for basic IPS/IDS. In the process of making changes, as active update on a Windows 10 PC briefly worked but stopped when rules were refreshed. That is the reason for my suspicion. If I switch to non-firewalled connection on my router updates work fine.
Any thoughts or suggestions welcome.
-
You have at least three different packages installed on your firewall that all can, to varying degrees, result in blocked network traffic (SquidGuard, Snort, and pfBlockerNG).
Do you know how to check which of these packages are producing alerts/blocks and what IP addresses they might be impacting? If so, then do the research in your alert logs for the installed packages and find out which package (or packages) is doing the blocking and which IP is being blocked. You very likely are the victim of false positives. Once you trace the true source of the block, you can make a determination if it is a false positive (or not) and proceed accordingly.
