Possible to throttle Windows Updates with Watchguard Firewall ?

[Hayabusa1989]

Hi,

 

Just as the title says, i need to find out if it is possible to limit the bandwidth of windows updates on a WatchGuard Firewall, I realize with every other firewall this is possible but Watchguard are generally annoying, I can't flash it to PFsense or anything that would make it nice and tasty as this is a work issue. 

 

Thanks Guys !

[Lurick]

What about using group policy and setting BITS to throttle update bandwidth usage?

[Hayabusa1989]

Yeah i did think about that but apparently windows 10 still Blasts it way through that

[gamerking]

1 hour ago, Hayabusa1989 said:

Hi,

 

Just as the title says, i need to find out if it is possible to limit the bandwidth of windows updates on a WatchGuard Firewall, I realize with every other firewall this is possible but Watchguard are generally annoying, I can't flash it to PFsense or anything that would make it nice and tasty as this is a work issue. 

 

Thanks Guys !

just disable the update service ive given up trying to block or slow the updates . now you cant even force windows not to wake up randomly . you uncheck the wake this pc box and it auto ticks as soon as you close the window

[Hayabusa1989]

1 minute ago, gamerking said:

just disable the update service ive given up trying to block or slow the updates . now you cant even force windows not to wake up randomly . you uncheck the wake this pc box and it auto ticks as soon as you close the window

wish this was a possibility but my boss wont allow us to do that for 20 computers.

[leadeater]

Use group policy to setup DSCP rules on the windows update process/exe and then on your network equipment, the firewall or something else that supports QoS with DSCP, configure priority queues with the parameters you so wish.

 

Not to be a massive dick and touch on a pain point but FortiGate can just do this traffic shaping out of the box and natively detect windows update traffic, http://kb.fortinet.com/kb/viewContent.do?externalId=FD36831&sliceId=1. Maybe Watchguard can too?

 

See also https://forum.fortinet.com/tm.aspx?m=109872 for the mentioned native method and also a more manual method based on url/dns.

[jj9987]

Group Police Editor is a good idea, it can block updates and is doing it quite well on my PC. The only requirement is that you need Windows 10 Pro, Education or Enterprise.

[Hayabusa1989]

On 16/12/2016 at 4:59 PM, leadeater said:

Not to be a massive dick and touch on a pain point but FortiGate can just do this traffic shaping out of the box and natively detect windows update traffic, http://kb.fortinet.com/kb/viewContent.do?externalId=FD36831&sliceId=1. Maybe Watchguard can too?

Haha don't worry i wont take it badly