Yep, the source you mentioned is for communication *to* your wsus server, either from a replica or a client. Communication with the Windows Update servers is http and https over standard ports.
-----Original Message----- From: Joseph Heaton [mailto:[email protected]] Sent: Thursday, September 24, 2009 2:44 PM To: NT System Admin Issues Subject: RE: Ports for WSUS Damien, Yep, that's one of the sources I found. The other is this, from the Technet website. It changes that paragraph slightly: http://technet.microsoft.com/en-us/library/bb693717.aspx To configure the firewall for software updates 1. Configure the firewall to allow communication for the HTTP and HTTPS ports used by the WSUS server. By default, a WSUS server that is configured for the default Web site uses port 80 for HTTP and port 443 for HTTPS. By default, the WSUS server uses port 8530 for HTTP and port 8531 for HTTPS if it is using the WSUS custom Web site. For more information, see How to Determine the Port Settings Used by WSUS. Maybe this paragraph is talking about clients hitting my WSUS server, not my WSUS server hitting Microsoft... >>> "Damien Solodow" <[email protected]> 9/24/2009 11:35 AM >>> Yep. From page 29 of the WSUS deployment guide. Configure the Firewall If there is a corporate firewall between WSUS and the Internet, you might need to configure the firewall to ensure that WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable. If your organization does not allow those ports and protocols to be open to all addresses, you can restrict access to the following domains so WSUS and Automatic Updates can communicate with Microsoft Update: http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://stats.update.microsoft.com http://ntservicepack.microsoft.com -----Original Message----- From: Joseph Heaton [mailto:[email protected]] Sent: Thursday, September 24, 2009 2:28 PM To: NT System Admin Issues Subject: RE: Ports for WSUS So I'm finding conflicting information for the ports used to communicate to Microsoft's Update servers. One says WSUS uses 80 and 443, non-changeable. Another says that if I'm using the custom WSUS site within IIS, then it can use the same 8530/8531. Anyone know the real-life answer? >>> "Joseph Heaton" <[email protected]> 9/24/2009 9:10 AM >>> Thanks Ken, does it use the same ports to talk to Windows Update? The task is to figure out what specific ports I need to allow through the firewall. >>> Ken Schaefer <[email protected]> 9/24/2009 8:54 AM >>> That is for clients to connect to WSUS. The admin console also works over those ports. WSUS also needs to connect to an upstream server. Cheers Ken -----Original Message----- From: Joseph Heaton [mailto:[email protected]] Sent: Thursday, 24 September 2009 11:42 PM To: NT System Admin Issues Subject: Ports for WSUS Just checking my logic here. The only port(s) that WSUS needs is whatever you setup in the IIS site, correct? So, by defaults, if you use the default website, it would be 80 and 443; and if you use the customized WSUS site, it is 8530 and 8531. Are there any other ports that need to be opened? Thanks, ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
