Windows Updates and WSUS will not work through SonicWall firewall

When accessing Windows update through a SonicWall firewall, Windows Update or WSUS may fail to download updates. The event log entry may look something like this:

Description: Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header

This is caused by the default settings for the gateway antivirus service enabled on the Sonicwall.

To get around this issue, you need to access the hidden diagnostic page in the SonicWall managament site. To get there, log on to your SonicWall and then replace the trailing “main.html” in the URL with “diag.html” and hit enter. On this page, you need to adjust the settings on the following two items:

enable FTP ‘REST’ requests with Gateway AV
enable HTTP Byte-Range requests with Gateway AV

Updates should now flow through the SonicWall.