Yep. From page 29 of the WSUS deployment guide. Configure the Firewall If there is a corporate firewall between WSUS and the Internet, you might need to configure the firewall to ensure that WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable.
If your organization does not allow those ports and protocols to be open to all addresses, you can restrict access to the following domains so WSUS and Automatic Updates can communicate with Microsoft Update: http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://stats.update.microsoft.com http://ntservicepack.microsoft.com -----Original Message----- From: Joseph Heaton [mailto:[email protected]] Sent: Thursday, September 24, 2009 2:28 PM To: NT System Admin Issues Subject: RE: Ports for WSUS So I'm finding conflicting information for the ports used to communicate to Microsoft's Update servers. One says WSUS uses 80 and 443, non-changeable. Another says that if I'm using the custom WSUS site within IIS, then it can use the same 8530/8531. Anyone know the real-life answer? >>> "Joseph Heaton" <[email protected]> 9/24/2009 9:10 AM >>> Thanks Ken, does it use the same ports to talk to Windows Update? The task is to figure out what specific ports I need to allow through the firewall. >>> Ken Schaefer <[email protected]> 9/24/2009 8:54 AM >>> That is for clients to connect to WSUS. The admin console also works over those ports. WSUS also needs to connect to an upstream server. Cheers Ken -----Original Message----- From: Joseph Heaton [mailto:[email protected]] Sent: Thursday, 24 September 2009 11:42 PM To: NT System Admin Issues Subject: Ports for WSUS Just checking my logic here. The only port(s) that WSUS needs is whatever you setup in the IIS site, correct? So, by defaults, if you use the default website, it would be 80 and 443; and if you use the customized WSUS site, it is 8530 and 8531. Are there any other ports that need to be opened? Thanks, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
