Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

WSUS Behind ISA Firewall 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> WSUS Behind ISA Firewall 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
WSUS Behind ISA Firewall 2004 - 5.Jul.2005 11:26:00 AM   
bdjomdj

 

Posts: 2
Joined: 5.Jul.2005
Status: offline 		My environment is as follows ;

ISA 2004 Firewall on a Windows 2003 Server,
WSUS installed on Windows 2000 Server SP4

We are currently trying to synchronise to approve the updates.

The WSUS Machine is only allowed port 80/443 access to apporved sites within
the ISA Firewall's 'Systems Policy Rule'

we have added the following domain names as specified by the microsoft
support site :

. http://windowsupdate.microsoft.com

. http://*.windowsupdate.microsoft.com

. https://*.windowsupdate.microsoft.com

. http://*.update.microsoft.com

. https://*.update.microsoft.com

. http://*.windowsupdate.com

. http://download.windowsupdate.com

. http://download.microsoft.com

. http://*.download.windowsupdate.com

. http://wustat.windows.com

. http://ntservicepack.microsoft.com


The ISA Firewall is not allowing access even though we have specified the
correct domain names,

Upon examination of the ISA logs we notice that ISA is denying connections
to the following (amonghst others) IP addresses: -

64.4.23.157
207.46.19.93
207.46.119.93

Any Support or recommendations on this issue would be most appreciated

Regards

Bruno Djoma
IT Support
Post #: 1
RE: WSUS Behind ISA Firewall 2004 - 5.Jul.2005 11:32:00 AM   
tshinder

 

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Bruno,

You also need to configure those sites for Direct Access.

HTH,
Tom

(in reply to bdjomdj)
Post #: 2
RE: WSUS Behind ISA Firewall 2004 - 6.Jul.2005 2:38:00 AM   
rino01

 

Posts: 66
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline 		Hello bdjomdj.

I don't think you can use the System Policy rule for your Wsus server, it is only for the ISA 2004 machine. Ethier way i would only use it for that. Create a firewall rule instead with the same settings.

[ July 06, 2005, 02:40 AM: Message edited by: Rickardn ]

(in reply to bdjomdj)
Post #: 3
RE: WSUS Behind ISA Firewall 2004 - 6.Jul.2005 8:31:00 AM   
bdjomdj

 

Posts: 2
Joined: 5.Jul.2005
Status: offline 		Sorry guys perhaps I sohould have clarified ;

-Rickardn
* I have created a firewall rule to allow the WSUS server access to the Microsoft sites. In the destinations section I added the systen policy allowed sites list

-Tom
* I do not think direct access is the issue here because when I check the ISA logs , I can see that ISA Server is denying access to the IP addresses I specified in my post above. It is blocking on the "default Rule"

(in reply to bdjomdj)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> WSUS Behind ISA Firewall 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts