Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.
I would also create groups for all protocols / ports that a specific software update service uses and then create one rule in the firewall from that machine's IP to the configured services.
Hope this helps