Windows updates behind a physical firewall with only IP-based rules and generic outbound connections are turned off

Posted by user125245 on Server Fault
Published on 2012-06-19T19:11:31Z Indexed on 2012/06/19 21:18 UTC

I have some boxes that I do not want to allow any in or outbound traffic to the internet except for Windows updates. However, the firewall in place (Cisco ASA) apparently only supports IP-based rules. As best I can tell, access to Microsoft updates via anything other than the half dozen URL masks that Microsoft lists as needed does not appear possible.

I have kicked around building a full WSUS that I would then manually copy the update files to so that no direct Microsoft access is needed, but this sounds very top-heavy for the very few boxes involved.

I have also kicked around manual updates all around, but am not certain how to be conveniently and confidently sure that the correct updates are being applied in the correct order.

Any ideas from any direction would be appreciated. I want this as simple / cost-effective as possible but have very little flexibility on the only absolutely required internet access policy.

© Server Fault or respective owner
