Thanks guys, for the reinforcement. I'm sure the light would have gone on in my head eventually...

>>> Sean Rector <sean.rec...@vaopera.org> 9/24/2009 12:04 PM >>>

You're right. "Maybe this paragraph is talking about clients hitting my WSUS server, not my WSUS server hitting Microsoft..."

Sean Rector, MCSE

________________________________________
From: Joseph Heaton [jhea...@dfg.ca.gov]
Sent: Thursday, September 24, 2009 2:44 PM
To: NT System Admin Issues
Subject: RE: Ports for WSUS

Damien,

Yep, that's one of the sources I found. The other is this, from the Technet website. It changes that paragraph slightly:

http://technet.microsoft.com/en-us/library/bb693717.aspx

To configure the firewall for software updates

1. Configure the firewall to allow communication for the HTTP and HTTPS ports used by the WSUS server. By default, a WSUS server that is configured for the default Web site uses port 80 for HTTP and port 443 for HTTPS. By default, the WSUS server uses port 8530 for HTTP and port 8531 for HTTPS if it is using the WSUS custom Web site. For more information, see How to Determine the Port Settings Used by WSUS.

Maybe this paragraph is talking about clients hitting my WSUS server, not my WSUS server hitting Microsoft...

>>> "Damien Solodow" <damien.solo...@harrison.edu> 9/24/2009 11:35 AM >>>

Yep. From page 29 of the WSUS deployment guide.

Configure the Firewall

If there is a corporate firewall between WSUS and the Internet, you might need to configure the firewall to ensure that WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable.

If your organization does not allow those ports and protocols to be open to all addresses, you can restrict access to the following domains so WSUS and Automatic Updates can communicate with Microsoft Update:

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://stats.update.microsoft.com
http://ntservicepack.microsoft.com

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Thursday, September 24, 2009 2:28 PM
To: NT System Admin Issues
Subject: RE: Ports for WSUS

So I'm finding conflicting information for the ports used to communicate to Microsoft's Update servers. One says WSUS uses 80 and 443, non-changeable. Another says that if I'm using the custom WSUS site within IIS, then it can use the same 8530/8531. Anyone know the real-life answer?

>>> "Joseph Heaton" <jhea...@dfg.ca.gov> 9/24/2009 9:10 AM >>>

Thanks Ken, does it use the same ports to talk to Windows Update? The task is to figure out what specific ports I need to allow through the firewall.

>>> Ken Schaefer <k...@adopenstatic.com> 9/24/2009 8:54 AM >>>

That is for clients to connect to WSUS. The admin console also works over those ports. WSUS also needs to connect to an upstream server.

Cheers
Ken

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Thursday, 24 September 2009 11:42 PM
To: NT System Admin Issues
Subject: Ports for WSUS

Just checking my logic here. The only port(s) that WSUS needs is whatever you set up in the IIS site, correct? So, by default, if you use the default website, it would be 80 and 443; and if you use the customized WSUS site, it is 8530 and 8531. Are there any other ports that need to be opened?

Thanks,
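
Added example, not part of the original thread: a Python check that a proxy or egress filter could apply to the WSUS server's upstream requests, built from the domain list quoted in the thread. It assumes that `*.` matches one or more subdomain labels but not the bare domain, and that upstream traffic uses only the default ports 80 and 443; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Allow-list as quoted in the thread from the WSUS deployment guide.
ALLOWED = [
    "http://windowsupdate.microsoft.com",
    "http://*.windowsupdate.microsoft.com",
    "https://*.windowsupdate.microsoft.com",
    "http://*.update.microsoft.com",
    "https://*.update.microsoft.com",
    "http://*.windowsupdate.com",
    "http://download.windowsupdate.com",
    "http://download.microsoft.com",
    "http://*.download.windowsupdate.com",
    "http://stats.update.microsoft.com",
    "http://ntservicepack.microsoft.com",
]
# WSUS -> Microsoft Update uses 80/443 only; 8530/8531 are client -> WSUS ports.
UPSTREAM_PORT = {"http": 80, "https": 443}


def host_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*.' wildcard anchored on a label boundary (assumption)."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot so 'notwindowsupdate.com' fails
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def upstream_allowed(url: str) -> bool:
    """True if url is covered by the allow-list on its scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in UPSTREAM_PORT:
        return False
    try:
        port = parts.port or UPSTREAM_PORT[scheme]
    except ValueError:  # malformed or out-of-range port
        return False
    if port != UPSTREAM_PORT[scheme]:
        return False
    host = (parts.hostname or "").rstrip(".")
    for entry in ALLOWED:
        entry_scheme, pattern = entry.split("://", 1)
        # Entries are scheme-specific: an http-only entry does not permit https.
        if entry_scheme == scheme and host_matches(pattern, host):
            return True
    return False
```
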