Setting Ip filters to grant only windows update
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
Setting Ip filters to grant only windows update

 
Post new topic   Reply to topic    Windows Server Forum Index -> Networking
Author Message
Eddie Iannuccelli
Guest
Posted: Tue Oct 25, 2005 4:50 pm    Post subject: Setting Ip filters to grant only windows update Reply with quote
Hi all,
one of my servers host Windows System Update Service + Windows Sharepoint
Services + symantec server. I want to reject all IP conections except my
local IP subnet + windows update servers + symantec update servers.
It seems that windows update servers IP are not stables (dynamic A class
change between two pings for Downloads.windowsupdate.com). How can I solve
that problem ?

I did not investigate yet Symantec liveUpdate servers but if anyone has
already do it :))

thanks
Back to top
Wendel Hamilton
Guest
Posted: Thu Oct 27, 2005 8:50 am    Post subject: RE: Setting Ip filters to grant only windows update Reply with quote
Eddie,
You can close off all incoming network traffic except your local subnets as
windows and Symantec update services use HTTP established by your server. Out
going connections only.

"Eddie Iannuccelli" wrote:

Quote:
Hi all,
one of my servers host Windows System Update Service + Windows Sharepoint
Services + symantec server. I want to reject all IP conections except my
local IP subnet + windows update servers + symantec update servers.
It seems that windows update servers IP are not stables (dynamic A class
change between two pings for Downloads.windowsupdate.com). How can I solve
that problem ?

I did not investigate yet Symantec liveUpdate servers but if anyone has
already do it :))

thanks
Back to top
Eddie Iannuccelli
Guest
Posted: Thu Oct 27, 2005 12:50 pm    Post subject: RE: Setting Ip filters to grant only windows update Reply with quote
I am trying to do that using local IP policy (not a firewall) and I currently :
-reject all traffic (incoming and outgoing) by setting default filter to
reject action
-accept my subnet traffic with mirroring

This work fine but server cant reach windows update by example, so I add a
rule that :
-accept all traffic from myIP to anyIP with no mirroring
but my server still cannot reach windowsupdate throug IE.

What's wrong ?


"Wendel Hamilton" wrote:

Quote:
Eddie,
You can close off all incoming network traffic except your local subnets as
windows and Symantec update services use HTTP established by your server. Out
going connections only.

"Eddie Iannuccelli" wrote:

Hi all,
one of my servers host Windows System Update Service + Windows Sharepoint
Services + symantec server. I want to reject all IP conections except my
local IP subnet + windows update servers + symantec update servers.
It seems that windows update servers IP are not stables (dynamic A class
change between two pings for Downloads.windowsupdate.com). How can I solve
that problem ?

I did not investigate yet Symantec liveUpdate servers but if anyone has
already do it :))

thanks
Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Networking All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB