Windows updates behind a physical firewall with only IP-based rules and generic outbound connections are turned off
Posted by user125245 on Server Fault
Published on 2012-06-19T19:11:31Z
I have some boxes that I do not want to allow any inbound or outbound traffic to the internet, except for Windows updates. However, the firewall in place (Cisco ASA) apparently only supports IP-based rules. As best I can tell, access to Microsoft updates via anything other than the half dozen URL masks that Microsoft lists as needed does not appear possible.
I have kicked around building a full WSUS that I would then manually copy the update files to so that no direct Microsoft access is needed, but this sounds very top-heavy for the very few boxes involved.
I have also kicked around manual updates all around but am not certain how to be conveniently and confidently sure that the correct updates are being applied in the correct order.
Any ideas from any direction would be appreciated. I want this as simple / cost-effective as possible but have very little flexibility on the only absolutely required internet access policy.
© Server Fault or respective owner