Re: RE: [pfSense Support] Microsoft updates through pfSense
On 22 Feb 2011 21:38, Nathan Eisenberg nat...@atlasnetworks.us wrote: Almost certainly not. The update communication is done over an SSL channel and specific ports. Even if you get the ports right, Why wouldn't you, they're not random, you set them youself?! I highly suspect the SSL communication will cause problems. I doubt it, why would the SSL cause problems unless you denied clients authentication, but why would you deny access to your own clients?!? --James. (This email was sent from a mobile device)
RE: RE: [pfSense Support] Microsoft updates through pfSense
I doubt it, why would the SSL cause problems unless you denied clients authentication, but why would you deny access to your own clients?!? You probably don't have the ability to sign valid certificates for update.microsoft.com. Since you're redirecting SSL traffic bound for that destination, instead of telling the application to talk to the right server, the common name is going to be wrong, and the SSL handshake will fail. Nathan - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: RE: RE: [pfSense Support] Microsoft updates through pfSense
That is a possibility, perhps instead of NAT'ing the connections if you had a local DNS entry for update.microsoft.com though I suspect SSL woupd be fine. However I believe SSL is optional, so that might not be a problem at all? --James. (This email was sent from a mobile device)
Re: [pfSense Support] Microsoft updates through pfSense
See the official Squid FAQ about Windows Update. It explains why you are having this problem. http://wiki.squid-cache.org/SquidFaq/WindowsUpdate Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 On Thu, Feb 17, 2011 at 10:52 PM, Shali K.R. sh...@vidyaacademy.ac.inwrote: Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? On Fri, Feb 18, 2011 at 9:14 AM, David Burgess apt@gmail.com wrote: On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I am having 500 windows client machines connected through pfSense and squid, please suggest me a suitable method for handling updates. You'll find the appropriate info here: http://doc.pfsense.org/index.php/Squid_Package_Tuning db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
RE: [pfSense Support] Microsoft updates through pfSense
Almost certainly not. The update communication is done over an SSL channel and specific ports. Even if you get the ports right, I highly suspect the SSL communication will cause problems. Just build a reg file to point the client boxes at your WSUS/SC server and import it. I've seen this done at dozens of installations, and it works flawlessly. -Original Message- From: James Bensley [mailto:jwbens...@gmail.com] Sent: Friday, February 18, 2011 12:57 AM To: support@pfsense.com Subject: Re: [pfSense Support] Microsoft updates through pfSense Well I haven't tried it but it could work, perhaps Google it? Initially I can't see why it wouldn't work but I haven't tried it so I can't say for sure. --James. (This email was sent from a mobile device) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Microsoft updates through pfSense
David Burgess schreef: On Thu, Feb 17, 2011 at 8:52 PM, Shali K.R.sh...@vidyaacademy.ac.in wrote: Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? I uninstalled the squid package about three months ago, unable to get it to function properly. I will try it again when pfsense 2.0 is stable, and probably pick up the book as well. I wish I could be more helpful than that. db As far as i am concerned, squid does not belong on the firewall itself in the first place. So use a separate machine to proxy. regards, Johan Hendriks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Microsoft updates through pfSense
If you cant use a domain with a WSUS server, why not redirect the IP ranges of MS update servers to your WSUS server on your firewall? --James. (This email was sent from a mobile device)
Re: [pfSense Support] Microsoft updates through pfSense
Dear James Bensley, Just redirect to local WSUS server will solve this issue? On Fri, Feb 18, 2011 at 2:06 PM, James Bensley jwbens...@gmail.com wrote: If you cant use a domain with a WSUS server, why not redirect the IP ranges of MS update servers to your WSUS server on your firewall? --James. (This email was sent from a mobile device) -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Microsoft updates through pfSense
Well I haven't tried it but it could work, perhaps Google it? Initially I can't see why it wouldn't work but I haven't tried it so I can't say for sure. --James. (This email was sent from a mobile device)
Re: [pfSense Support] Microsoft updates through pfSense
On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I am having 500 windows client machines connected through pfSense and squid, please suggest me a suitable method for handling updates. You'll find the appropriate info here: http://doc.pfsense.org/index.php/Squid_Package_Tuning db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Microsoft updates through pfSense
Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? On Fri, Feb 18, 2011 at 9:14 AM, David Burgess apt@gmail.com wrote: On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I am having 500 windows client machines connected through pfSense and squid, please suggest me a suitable method for handling updates. You'll find the appropriate info here: http://doc.pfsense.org/index.php/Squid_Package_Tuning db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Microsoft updates through pfSense
On Thu, Feb 17, 2011 at 8:52 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? I uninstalled the squid package about three months ago, unable to get it to function properly. I will try it again when pfsense 2.0 is stable, and probably pick up the book as well. I wish I could be more helpful than that. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Microsoft updates through pfSense
The proper way to handle that many clients is to run a WSUS update server (or its new replacement, System Center). Mike McLaughlin - System Administrator Clientworks, Inc - 721 Zion St, Nevada City, CA 95959 Office 530-470-0104 - Cell 530-559-9606 On Thu, Feb 17, 2011 at 7:52 PM, Shali K.R. sh...@vidyaacademy.ac.inwrote: Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? On Fri, Feb 18, 2011 at 9:14 AM, David Burgess apt@gmail.com wrote: On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I am having 500 windows client machines connected through pfSense and squid, please suggest me a suitable method for handling updates. You'll find the appropriate info here: http://doc.pfsense.org/index.php/Squid_Package_Tuning db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Microsoft updates through pfSense
Dear Mike McLaughlin, But WSUS requires a domain controller for the perfect functioning, i also tried this without domain controller but its not working well On Fri, Feb 18, 2011 at 9:25 AM, Mike McLaughlin obr...@gmail.com wrote: The proper way to handle that many clients is to run a WSUS update server (or its new replacement, System Center). Mike McLaughlin - System Administrator Clientworks, Inc - 721 Zion St, Nevada City, CA 95959 Office 530-470-0104 - Cell 530-559-9606 On Thu, Feb 17, 2011 at 7:52 PM, Shali K.R. sh...@vidyaacademy.ac.inwrote: Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? On Fri, Feb 18, 2011 at 9:14 AM, David Burgess apt@gmail.com wrote: On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I am having 500 windows client machines connected through pfSense and squid, please suggest me a suitable method for handling updates. You'll find the appropriate info here: http://doc.pfsense.org/index.php/Squid_Package_Tuning db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531 -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Microsoft updates through pfSense
Ah, sorry. I don't have a great recommendation for you then. I've not used a WSUS server without a domain. You can tune squid to cache larger files, but I too am not extremely fond of Squid. I always have random issues with this and that running it (mainly custom web apps, java, etc). Mike McLaughlin - System Administrator Clientworks, Inc - 721 Zion St, Nevada City, CA 95959 Office 530-470-0104 - Cell 530-559-9606 On Thu, Feb 17, 2011 at 8:04 PM, Shali K.R. sh...@vidyaacademy.ac.inwrote: Dear Mike McLaughlin, But WSUS requires a domain controller for the perfect functioning, i also tried this without domain controller but its not working well On Fri, Feb 18, 2011 at 9:25 AM, Mike McLaughlin obr...@gmail.com wrote: The proper way to handle that many clients is to run a WSUS update server (or its new replacement, System Center). Mike McLaughlin - System Administrator Clientworks, Inc - 721 Zion St, Nevada City, CA 95959 Office 530-470-0104 - Cell 530-559-9606 On Thu, Feb 17, 2011 at 7:52 PM, Shali K.R. sh...@vidyaacademy.ac.inwrote: Dear db, i have tried this, but it showing a high bandwidth usage, is this a proper way?? On Fri, Feb 18, 2011 at 9:14 AM, David Burgess apt@gmail.comwrote: On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I am having 500 windows client machines connected through pfSense and squid, please suggest me a suitable method for handling updates. You'll find the appropriate info here: http://doc.pfsense.org/index.php/Squid_Package_Tuning db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531 -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
