Asked by:
WSUS form INTERNET !!

Question
-
Hello,
I need to open WSUS to the Internet via SSL connection.
My questions:
1) Can I expose WSUS to the Internet.?
2) How to solve security.? Only internal Certification authority .? Each computer will have a client certification.
3) How to authorize computers from internet .? Through client certification?Thx Michal.
Thursday, April 16, 2020 8:42 PM
All replies
-
1) Can I expose WSUS to the Internet.? - Yes
2) How to solve security.? Only internal Certification authority .? Each computer will have a client certification. - It's enough
3) How to authorize computers from internet .? Through client certification? - No need internet when you deploy WSUS for updatesCheck below for secure WSUS deployment,https://docs.microsoft.com/pt-br/security-updates/windowsupdateservices/18139347
Friday, April 17, 2020 1:07 AM -
Hi Michal,
In theory, it is not a good idea to expose WSUS to the public Internet. On the one hand this is a problem with the EULA, on the other hand the exposure of internal servers is itself a dangerous move.
Although I haven't done this before, some threads have provided more suggestions. Perhaps this information can answer your questions:
- Make WSUS accessible over the web
- WSUS License Agreement - Can we allow computers from another company to communicate and receive updates from our WSUS server?
- Making WSUS externally available for remote users
* PLEASE NOTE: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Based on these opinions, if you want to serve clients in the external network, then enabling VPN is a more reliable solution.
Regards,
Hope the above can help you.
Yic
Please remember to mark as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.- Edited by Yic LvMicrosoft contingent staff Friday, April 17, 2020 1:28 AM Format.
Friday, April 17, 2020 1:24 AM -
Hi,
Any update is welcome here.
If the issue is resolved, share your solution or find the helpful response "Mark as Answer" to help other community members find the answer.
Thank you for your cooperation, as always.
Regards,
YicPlease remember to mark as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Monday, April 20, 2020 2:08 AM -
Thank you .. Michal.Monday, April 20, 2020 6:38 AM
-
Thank you for the information ..
WSUS pushed out to internet is very important, users are very lazy to click update via VPN :(My configuration:
1) Can I expose WSUS to the Internet.? Yes, only change port and enable TLS
2) How to solve security.? Only internal Certification authority .? Each computer will have a client certification. Enable authorization via zertifikat
3) How to authorize computers from internet .? Through client certification? Enable authorization via zertifikatMonday, April 20, 2020 6:42 AM -
Hi Michal,
Thank you for your reply.
I'm sorry that I haven't tested the actual part of externally facing WSUS server, so I can't give you an accurate suggestion for the time being. You may consider waiting for suggestions from other members of the forum.
In theory, this is what I do not recommend. but I will reply in time if anything is found.
Regards,
YicPlease remember to mark as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Tuesday, April 21, 2020 2:40 AM -
Hi,
Since this thread has not progressed for a long time, the following summary is now provided for reference during later follow-up:
- Issue Symptom
Consultation on the establishment of an Internet-accessible WSUS site.
- Possible Cause
technical consulting
- Troubleshooting Steps so far
Due to security risks, it is recommended to consider VPN-based methods. For such technologies, the same is being studied.
YicPlease remember to mark as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.Tuesday, May 12, 2020 8:11 AM - Issue Symptom