Troubleshooting
Problem
If Outbound SSL decryption is enabled on QRadar Network Security (XGS), Windows Updates fail.
Resolving The Problem
To resolve the issue in firmware 5.3.1.1 or greater, add the following Outbound SSL Inspection Policy rule as defined below:
Action: Ignore
Source: Any
Destination: Any
Domain: Microsoft domain certificate
To resolve this issue in versions 5.3.0.0 - 5.3.1.0, add an Outbound SSL Inspection Policy rule as defined below:
Action: Ignore
Source: Any
Destination: Any
Domain: Domain Certificate List
Note: The Domain Certificate List Object should have
This rule must be above the Source: Any, Destination: Any, Domain: Any, Action: Inspect rule. For example, if the Any, Any, Any, Inspect is rule 5, then the Windows Update rule needs to be positioned at 4 or less.
Action: Ignore
Source: Any
Destination: Any
Domain: Microsoft domain certificate
To resolve this issue in versions 5.3.0.0 - 5.3.1.0, add an Outbound SSL Inspection Policy rule as defined below:
Action: Ignore
Source: Any
Destination: Any
Domain: Domain Certificate List
Note: The Domain Certificate List Object should have
*.update.microsoft.com
in the URL List.This rule must be above the Source: Any, Destination: Any, Domain: Any, Action: Inspect rule. For example, if the Any, Any, Any, Inspect is rule 5, then the Windows Update rule needs to be positioned at 4 or less.
[{"Product":{"code":"SSFSVP","label":"IBM QRadar Network Security"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"SSL Inspection","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"SSL Inspection","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.3.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
23 January 2021
UID
swg21903062