Windows Updates On Perimeter network ISA!!!

Discussion in 'Networks' started by coolc, Jan 7, 2011.

  1. coolc

    coolc Nibble Poster

    84
    0
    4
    Hello,

    There are a couple of servers in the perimeter network at the place I do work, the perimeter network has no internet connection so the servers in the perimeter network cannot download any updates from ms. I can configure the ISA server to allow windows updates but I wanna strict the ports and etc so only windows updates would be downloaded, any advice?
     
  2. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Chain WSUS servers. Get one in perimeter network and point it at other WSUS which has internet connection. Allow traffic between these 2 machines (and only them) and off you go.

    That's how I would do it.

    Windows Update uses http port so no chance of restricting the traffic to updates only. What you can do though is unlock http traffic from the servers (that you want to update) to internal WSUS server and block everything else.
     
    Last edited: Jan 7, 2011
    WIP: Uhmm... not sure
  3. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    You could also secure it with SSL... But chaining is one of those decent things to do. Doesn't need to be forced to use port 80 however.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  4. coolc

    coolc Nibble Poster

    84
    0
    4
    There is no wsus server in the network bro, I cannot be stuffed deploying one, I need the updates to cum (come) from ms update site.
     
  5. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    Can you not put a rule on ISA only to allow web traffic to the Windows update URLs from servers in the DMZ?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.