WSUS Deployment within the DMZ network and Internal corporate network

  • Question

  • I am planning on having 2 WSUS servers, one in the DMZ to patch DMZ servers (Downstream-Replica) and the other in the internal network (Upstream).

    I would like to use the Replica mode option. Here are my questions:

    1. Can I patch all the DMZ servers in the DMZ using the downstream replica server, or is this controlled from the Primary (upstream server)?

    2. Can I approve updates only in the Primary (upstream server), or also from the replica downstream server?

    3. Confirm that the following ports, 8530 and 8531, are sufficient between upstream and downstream and all internal and DMZ clients to the downstream servers.

    Thanks

    Monday, July 20, 2015 8:15 PM

All replies

  • 1. Replica scenarios require that you perform approvals and create computer groups on the USS. You can add computers into groups on the DSS.

    https://technet.microsoft.com/en-us/library/dd939820(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/dd939893(v=ws.10).aspx

    2. Only USS

    3. Port 80 is required for some services (e.g. SelfUpdate).
    Older WSUS implementations default to port 80, but can be configured for port 8530.
    Newer WSUS implementations (WS2012/WS2012R2) do not default to port 80, they default to port 8530.
    (but note that port 80 is still used for some services e.g. SelfUpdate)



    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Monday, July 20, 2015 9:36 PM
  • Thanks Donpick. If I don't have a replica in the DMZ but just a normal WSUS, then I can patch DMZ servers but it won't be synchronised to the upstream
    Tuesday, July 21, 2015 7:26 AM
  • Thanks Donpick. If I don't have a replica in the DMZ but just a normal WSUS, then I can patch DMZ servers but it won't be synchronised to the upstream... thanks
    Tuesday, July 21, 2015 7:29 AM
  • What outbound ports and inbound ports are required from WSUS to clients and clients to WSUS?
    Wednesday, July 22, 2015 1:14 PM
  • What outbound ports and inbound ports are required from WSUS to clients and clients to WSUS?

    This may help:
    http://community.spiceworks.com/topic/527306-what-wsus-inbound-and-outbound-ports-need-to-be-allowed

    Don

    Wednesday, July 22, 2015 9:24 PM
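
An added example, not part of the thread or of Microsoft's documentation: one way to scope Windows Firewall rules for the upstream/replica layout discussed above, so that only the DMZ replica can reach the upstream and only DMZ servers can reach the replica. It assumes the replica initiates synchronisation to the upstream and clients initiate connections to the replica, on the WS2012 default ports 8530/8531; the host name, addresses and rule names are constructed placeholders.

```powershell
# Run elevated on each WSUS server, passing that server's role.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Upstream', 'Replica')]
    [string]$Role
)

# Constructed placeholder values (documentation address ranges); replace with your own.
$UpstreamHost   = 'wsus-upstream.example.internal'  # internal USS (hypothetical name)
$ReplicaAddress = '192.0.2.10'                      # DMZ downstream replica (DSS)
$DmzClientNet   = '192.0.2.0/24'                    # DMZ servers patched by the DSS
$WsusPorts      = 8530, 8531                        # HTTP / HTTPS ports from the question
# The reply above notes that port 80 is still used for SelfUpdate; add 80 to
# $WsusPorts on the server clients talk to if your deployment relies on it.

function New-WsusInboundRule {
    param([string]$Name, [string[]]$RemoteAddress, [int[]]$Port)
    # Allow only the named peers to reach the WSUS ports on this server.
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Protocol TCP `
        -LocalPort $Port -RemoteAddress $RemoteAddress -Action Allow
}

switch ($Role) {
    'Upstream' {
        # Internal USS: accept WSUS traffic from the DMZ replica only,
        # not from the whole DMZ subnet.
        New-WsusInboundRule -Name 'WSUS sync from DMZ replica' `
            -RemoteAddress $ReplicaAddress -Port $WsusPorts
    }
    'Replica' {
        # DMZ DSS: accept WSUS traffic from the DMZ servers it patches.
        New-WsusInboundRule -Name 'WSUS clients in DMZ' `
            -RemoteAddress $DmzClientNet -Port $WsusPorts

        # Confirm the perimeter firewall passes the replica's outbound sync traffic.
        foreach ($port in $WsusPorts) {
            $result = Test-NetConnection -ComputerName $UpstreamHost -Port $port
            '{0}:{1} reachable={2}' -f $UpstreamHost, $port, $result.TcpTestSucceeded
        }
    }
}
```

The perimeter firewall between the DMZ and the internal network needs the matching rule: TCP 8530/8531 from the replica's address to the upstream only, with nothing opened in the other direction.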