1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows Updates On Perimeter network ISA!!!

Discussion in 'Networks' started by coolc, Jan 7, 2011.

  1. coolc

    coolc Nibble Poster

    84
    0
    4
    Hello,

    There are a couple of servers in the perimeter network at the place I do work, the perimeter network has no internet connection so the servers in the perimeter network cannot download any updates from ms. I can configure the ISA server to allow windows updates but I wanna strict the ports and etc so only windows updates would be downloaded, any advice?
     
  2. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Chain WSUS servers. Get one in perimeter network and point it at other WSUS which has internet connection. Allow traffic between these 2 machines (and only them) and off you go.

    That's how I would do it.

    Windows Update uses http port so no chance of restricting the traffic to updates only. What you can do though is unlock http traffic from the servers (that you want to update) to internal WSUS server and block everything else.
     
    Last edited: Jan 7, 2011
    WIP: Uhmm... not sure
  3. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    You could also secure it with SSL... But chaining is one of those decent things to do. Doesn't need to be forced to use port 80 however.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  4. coolc

    coolc Nibble Poster

    84
    0
    4
    There is no wsus server in the network bro, I cannot be stuffed deploying one, I need the updates to cum (come) from ms update site.
     
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Can you not put a rule on ISA only to allow web traffic to the Windows update URLs from servers in the DMZ?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...