What ports to open on firewall to allow windows update

Hi All
I know there have been a lot of posts on this but they have not solved
my problem.
I have a windows xp home based system. If I connect to the internet
using a USB adsl modem the update process works just fine. However, I
usually connect to the internet using an adsl router behind connected
to my network through a hardware firewall. If I connect this way then
the update process hangs at 0% and ie freezes.
So I have concluded that I need to open some ports on the firewall. I
have tried some suggested in the google groups, but to no avail. Can
anyone tell me exactly what I need to do?

Many thanks
Chris
p.s. till now I have just overcome the problem by plugging in the usb
modem - but I now have two other machines on my home lan and teh usb
modem is not an option for them. So I now have to sort out this issue!

A couple of questions...

Is this using WUv4 or WUv5?
If v4, can you access https://v4.windowsupdate.microsoft.com ok?
You should only need ports 80 and 113...

Thanks,

-David Herman

"Chris Davies" <> wrote in message
news: om...
> Hi All
> I know there have been a lot of posts on this but they have not solved
> my problem.
> I have a windows xp home based system. If I connect to the internet
> using a USB adsl modem the update process works just fine. However, I
> usually connect to the internet using an adsl router behind connected
> to my network through a hardware firewall. If I connect this way then
> the update process hangs at 0% and ie freezes.
> So I have concluded that I need to open some ports on the firewall. I
> have tried some suggested in the google groups, but to no avail. Can
> anyone tell me exactly what I need to do?
>
> Many thanks
> Chris
> p.s. till now I have just overcome the problem by plugging in the usb
> modem - but I now have two other machines on my home lan and teh usb
> modem is not an option for them. So I now have to sort out this issue!

I am using
- Windows XP Home SP1 (currently downloading SP2 via dial-up... 10 hours to
go...)
- Kerio v2.15 Personal Firewall
- Windows Update v5

I have only had v5 installed for a few days, so I have been building my
firewall rules based upon firewall activity. I have it set to prompt me for
outgoing when no rule applies. At this point, I am still adjusting
(expanding) the Remote address ranges on an almost daily basis. Perhaps
Microsoft uses different servers based upon locale, or connection type
(broadband vs. dial-up), or whatever. If so then, the remote address ranges
used by your computer might be different than those used by my computer. If
possible, set your firewall to prompt when outgoing rules do not apply, that
way you can see what is needed and create a rule for it.

My Firewall rules, based upon usage so far, are as follows:

Rule 1.
Rule name: v5 Windows Update - Generic Host Process for Win32 Services
Protocol: TCP
Direction: Out
Local Ports (range): 1024-5000
Application: c:\windows\system32\svchost.exe
Remote address (range): 207.46.134.92-207.46.253.221 <== adjust based upon
usage
Remote ports (list): 80,443
Action: Permit

Rule 2.
Rule name: v5 Windows Update - Generic Host Process for Win32 Services
Protocol: TCP
Direction: Out
Local Ports (range): 1024-5000
Application: c:\windows\system32\svchost.exe
Remote address (range): 64.4.21.124-64.4.23.61 <== adjust based upon usage
Remote ports (list): 80,443
Action: Permit

Hope this helps,
Lilla

"Chris Davies" <> wrote in message
news: om...
> Hi All
> I know there have been a lot of posts on this but they have not solved
> my problem.
> I have a windows xp home based system. If I connect to the internet
> using a USB adsl modem the update process works just fine. However, I
> usually connect to the internet using an adsl router behind connected
> to my network through a hardware firewall. If I connect this way then
> the update process hangs at 0% and ie freezes.
> So I have concluded that I need to open some ports on the firewall. I
> have tried some suggested in the google groups, but to no avail. Can
> anyone tell me exactly what I need to do?
>
> Many thanks
> Chris
> p.s. till now I have just overcome the problem by plugging in the usb
> modem - but I now have two other machines on my home lan and teh usb
> modem is not an option for them. So I now have to sort out this issue!

I use a software firewall (Kerio) only, no router etc.

Lilla

"w4mlc" <> wrote in message
news:AEA0E47E-4922-4A99-A905-...
> what router are you useing
>
> "E.T. Renfro" wrote:
>
> > I am using
> > - Windows XP Home SP1 (currently downloading SP2 via dial-up... 10 hours
to
> > go...)
> > - Kerio v2.15 Personal Firewall
> > - Windows Update v5
> >
> > I have only had v5 installed for a few days, so I have been building my
> > firewall rules based upon firewall activity. I have it set to prompt me
for
> > outgoing when no rule applies. At this point, I am still adjusting
> > (expanding) the Remote address ranges on an almost daily basis. Perhaps
> > Microsoft uses different servers based upon locale, or connection type
> > (broadband vs. dial-up), or whatever. If so then, the remote address
ranges
> > used by your computer might be different than those used by my computer.
If
> > possible, set your firewall to prompt when outgoing rules do not apply,
that
> > way you can see what is needed and create a rule for it.
> >
> > My Firewall rules, based upon usage so far, are as follows:
> >
> > Rule 1.
> > Rule name: v5 Windows Update - Generic Host Process for Win32 Services
> > Protocol: TCP
> > Direction: Out
> > Local Ports (range): 1024-5000
> > Application: c:\windows\system32\svchost.exe
> > Remote address (range): 207.46.134.92-207.46.253.221 <== adjust based
upon
> > usage
> > Remote ports (list): 80,443
> > Action: Permit
> >
> > Rule 2.
> > Rule name: v5 Windows Update - Generic Host Process for Win32 Services
> > Protocol: TCP
> > Direction: Out
> > Local Ports (range): 1024-5000
> > Application: c:\windows\system32\svchost.exe
> > Remote address (range): 64.4.21.124-64.4.23.61 <== adjust based upon
usage
> > Remote ports (list): 80,443
> > Action: Permit
> >
> > Hope this helps,
> > Lilla
> >
> > "Chris Davies" <> wrote in message
> > news: om...
> > > Hi All
> > > I know there have been a lot of posts on this but they have not solved
> > > my problem.
> > > I have a windows xp home based system. If I connect to the internet
> > > using a USB adsl modem the update process works just fine. However, I
> > > usually connect to the internet using an adsl router behind connected
> > > to my network through a hardware firewall. If I connect this way then
> > > the update process hangs at 0% and ie freezes.
> > > So I have concluded that I need to open some ports on the firewall. I
> > > have tried some suggested in the google groups, but to no avail. Can
> > > anyone tell me exactly what I need to do?
> > >
> > > Many thanks
> > > Chris
> > > p.s. till now I have just overcome the problem by plugging in the usb
> > > modem - but I now have two other machines on my home lan and teh usb
> > > modem is not an option for them. So I now have to sort out this issue!
> >
> >
> >

Assuming W4mlc's post was aimed at my original question, I am using a
Netgear DG814 router/modem, connected to a Netgear FM114p
firewall/wireless/print server.
Many thanks
Chris

> "w4mlc" <> wrote in message
> news:AEA0E47E-4922-4A99-A905-...
> > what router are you useing
> > >
> > > "Chris Davies" <> wrote in message
> > > news: om...
> > > > Hi All
> > > > I know there have been a lot of posts on this but they have not solved
> > > > my problem.
> > > > I have a windows xp home based system. If I connect to the internet
> > > > using a USB adsl modem the update process works just fine. However, I
> > > > usually connect to the internet using an adsl router behind connected
> > > > to my network through a hardware firewall. If I connect this way then
> > > > the update process hangs at 0% and ie freezes.
> > > > So I have concluded that I need to open some ports on the firewall. I
> > > > have tried some suggested in the google groups, but to no avail. Can
> > > > anyone tell me exactly what I need to do?
> > > >
> > > > Many thanks
> > > > Chris
> > > > p.s. till now I have just overcome the problem by plugging in the usb
> > > > modem - but I now have two other machines on my home lan and teh usb
> > > > modem is not an option for them. So I now have to sort out this issue!
> > >
> > >
> > >

I had same type of problem with d-linlk router timeing issue was problem if
you go to netgear and install latest rev. for the dg814 this might help.

"Chris Davies" wrote:

> Assuming W4mlc's post was aimed at my original question, I am using a
> Netgear DG814 router/modem, connected to a Netgear FM114p
> firewall/wireless/print server.
> Many thanks
> Chris
>
> > "w4mlc" <> wrote in message
> > news:AEA0E47E-4922-4A99-A905-...
> > > what router are you useing
> > > >
> > > > "Chris Davies" <> wrote in message
> > > > news: om...
> > > > > Hi All
> > > > > I know there have been a lot of posts on this but they have not solved
> > > > > my problem.
> > > > > I have a windows xp home based system. If I connect to the internet
> > > > > using a USB adsl modem the update process works just fine. However, I
> > > > > usually connect to the internet using an adsl router behind connected
> > > > > to my network through a hardware firewall. If I connect this way then
> > > > > the update process hangs at 0% and ie freezes.
> > > > > So I have concluded that I need to open some ports on the firewall. I
> > > > > have tried some suggested in the google groups, but to no avail. Can
> > > > > anyone tell me exactly what I need to do?
> > > > >
> > > > > Many thanks
> > > > > Chris
> > > > > p.s. till now I have just overcome the problem by plugging in the usb
> > > > > modem - but I now have two other machines on my home lan and teh usb
> > > > > modem is not an option for them. So I now have to sort out this issue!
> > > >
> > > >
> > > >
>

"David Herman .:MVP:." <_NOSPAM> wrote in message
news:e$...
>A couple of questions...
>
> Is this using WUv4 or WUv5?
> If v4, can you access https://v4.windowsupdate.microsoft.com ok?
> You should only need ports 80 and 113...

Can we infer from this that you used the numeric keypad to enter that?

Should be 443? (for https: default)


---