Comment for planned access rule for WSUS server

Comment for planned access rule for WSUS server (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Access Policies

Message

Mekong River -> Comment for planned access rule for WSUS server (10.Sep.2009 4:09:57 AM)
Hi, I plan to setup WSUS server behind my ISA server. I Plan to configure the following access rule for my WSUS server to access only Microsoft Windows Update website only, any other web resource are not allow to traffic from this WSUS server. The setting is listed below: General: <Rule name: any name that I prefer> Action: Deny Protocol: All outbound traffic From: WSUS (computer object) To: External (Exceptions: WSUS Domain Name Set) Content type: All content type Schedule: Always User: All Users With the above plan rule, please advice me whether I have correctly plan for access rule for my WSUS server. Thank in advance!!!

elmajdal -> RE: Comment for planned access rule for WSUS server (10.Sep.2009 6:10:17 AM)
Where is the Allow rule ?

Mekong River -> RE: Comment for planned access rule for WSUS server (10.Sep.2009 6:29:00 AM)
The action of allow is in the Exception of To: External. This rule mean block everything from WSUS server to an internet except to the Microsoft Windows Update website. Am I correct?

DEVLAVI -> RE: Comment for planned access rule for WSUS server (10.Sep.2009 11:52:39 AM)
quote: The action of allow is in the Exception of To: External. This rule mean block everything from WSUS server to an internet except to the Microsoft Windows Update website. Naa that's not good enough & it'll never work. Post back if you ever managed to get it to work You need a allow rule before your deny rule as mentioned by Tarek And i suggest you use the built in "Microsoft Update Domain Name Set" & "System Policy Allowed Sites" in your allow rule Thanks, Dev

Mekong River -> RE: Comment for planned access rule for WSUS server (11.Sep.2009 4:01:15 AM)
Dear Dev, Regarding to your above suggestion is this below configure would be correct: General: Allow WSUS to access Microsoft Update website Action: Allow Protocol: Selected Protocol (HTTP, HTTPS) From: WSUS (computer object) To: Domain Set of Microsoft Windows Update website Content type: All content type Schedule: Always User: All Users General: Block WSUS to access internet Action: Deny Protocol: All outbound traffic From: WSUS (computer object) To: External Content type: All content type Schedule: Always User: All Users Thank in advance, Kanel

paulo.oliveira -> RE: Comment for planned access rule for WSUS server (11.Sep.2009 2:44:07 PM)
Hi Kanel, this will help you: http://support.microsoft.com/default.aspx?scid=kb;en-us;885819 Regards, Paulo Oliveira.

DEVLAVI -> RE: Comment for planned access rule for WSUS server (12.Sep.2009 11:08:09 AM)
Hi Kanel, quote: General: Allow WSUS to access Microsoft Update website Action: Allow Protocol: Selected Protocol (HTTP, HTTPS) From: WSUS (computer object) To: Domain Set of Microsoft Windows Update website Content type: All content type Schedule: Always User: All Users Yes that should work. Just make sure you use the built in Domain name sets "Microsoft Update Domain Name Set" & "System Policy Allowed Sites" in your access rule Also refer the link posted by Paulo for more info on the same Thanks, Dev

Mekong River -> RE: Comment for planned access rule for WSUS server (12.Sep.2009 10:21:17 PM)
Dear Dev, Thank you very much for your reply and I also found that document and I already print it out and read it. But I still wonder with my original rule which is block everything except to the Microsoft Update Domain set (my original post). Could you please let me know what is the cause the of this problem that do not make this rule work? Thank, Kanel

DEVLAVI -> RE: Comment for planned access rule for WSUS server (12.Sep.2009 11:32:00 PM)
Hi Kanel AFAIK ISA is designed to Block Anything & Everything unless its allowed purposely The only way to allow it is with the Access rules & publishing rules In your case you have a rule to deny all traffic but where is the allow rule? Allowed Access Rule & Exception are totally different things I am sure other people here have better ways to explain this HTH. Dev

Mekong River -> RE: Comment for planned access rule for WSUS server (13.Sep.2009 9:30:01 PM)
Dear Dev, Thank you very much for your reply. I will check my book for further reference about this difference. Thank, Kanel

aliyanisabrey -> RE: Comment for planned access rule for WSUS server (2.Mar.2010 8:14:35 PM)
hi, I am a bit confused here...I thought in "System Policy Allowed site" is already set. that means, the windows update is already allowed. am i correct? Please correct me if i am wrong.

Mekong River -> RE: Comment for planned access rule for WSUS server (3.Mar.2010 8:35:02 PM)
Hello, as far as I know, the system policy allow site is work only on the ISA computer. But in this case I have a separate server that plan to setup as WSUS server. So it has to create the rule for it. Kanel [:)]

aliyanisabrey -> RE: Comment for planned access rule for WSUS server (4.Mar.2010 12:41:53 AM)
okay. thanks for your info.

Page: [1]