locked
WSUS form INTERNET !! RRS feed

  • Question

  • Hello,

    I need to open WSUS to the Internet via SSL connection.

    My questions:
    1) Can I expose WSUS to the Internet.?
    2) How to solve security.? Only internal Certification authority .? Each computer will have a client certification.
    3) How to authorize computers from internet .? Through client certification?

    Thx Michal.

    Thursday, April 16, 2020 8:42 PM

All replies

  • 1) Can I expose WSUS to the Internet.? - Yes
    2) How to solve security.? Only internal Certification authority .? Each computer will have a client certification. - It's enough
    3) How to authorize computers from internet .? Through client certification? - No need internet when you deploy WSUS for updates

    Check below for secure WSUS deployment,https://docs.microsoft.com/pt-br/security-updates/windowsupdateservices/18139347

    Friday, April 17, 2020 1:07 AM
  • Hi Michal,
      

    In theory, it is not a good idea to expose WSUS to the public Internet. On the one hand this is a problem with the EULA, on the other hand the exposure of internal servers is itself a dangerous move. 
       

    Although I haven't done this before, some threads have provided more suggestions. Perhaps this information can answer your questions:
       

    Based on these opinions, if you want to serve clients in the external network, then enabling VPN is a more reliable solution.
    Hope the above can help you.
        

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 17, 2020 1:24 AM
  • Hi,
     

    Any update is welcome here.
    If the issue is resolved, share your solution or find the helpful response "Mark as Answer" to help other community members find the answer.
     

    Thank you for your cooperation, as always.
     

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 20, 2020 2:08 AM
  • Thank you  .. Michal.
    Monday, April 20, 2020 6:38 AM
  • Thank you for the information ..
    WSUS pushed out to internet is very important, users are very lazy to click update via VPN :(

    My configuration:

    1) Can I expose WSUS to the Internet.?  Yes, only change port and enable TLS
    2) How to solve security.? Only internal Certification authority .? Each computer will have a client certification. Enable authorization via zertifikat
    3) How to authorize computers from internet .? Through client certification? Enable authorization via zertifikat

    Monday, April 20, 2020 6:42 AM
  • Hi Michal,
       

    Thank you for your reply.
    I'm sorry that I haven't tested the actual part of externally facing WSUS server, so I can't give you an accurate suggestion for the time being. You may consider waiting for suggestions from other members of the forum.
       

    In theory, this is what I do not recommend. but I will reply in time if anything is found.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 21, 2020 2:40 AM
  • Hi,
       

    Since this thread has not progressed for a long time, the following summary is now provided for reference during later follow-up:
        

    • Issue Symptom
      Consultation on the establishment of an Internet-accessible WSUS site.
         
    • Possible Cause
      technical consulting
         
    • Troubleshooting Steps so far
      Due to security risks, it is recommended to consider VPN-based methods. For such technologies, the same is being studied.
         
    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 12, 2020 8:11 AM