WSUS Firewall Config Question

Does anyone know what ports must be opened up for client computers to
download updates from a WSUS server?

My WSUS server is behind a firewall and I only want to open up this server
at a minimum level to the clients.

DirkDiggler wrote:
> Does anyone know what ports must be opened up for client computers to
> download updates from a WSUS server?
>
> My WSUS server is behind a firewall and I only want to open up this server
> at a minimum level to the clients.

Would presume it would be the same port that you configure in group
policy when you specify the update location - The default is 8530.

Ian

I don't recall configuring any ports in group policy. I recall configuration
the name of the server, but not ports.

"Ian" wrote:

> DirkDiggler wrote:
> > Does anyone know what ports must be opened up for client computers to
> > download updates from a WSUS server?
> >
> > My WSUS server is behind a firewall and I only want to open up this server
> > at a minimum level to the clients.
>
> Would presume it would be the same port that you configure in group
> policy when you specify the update location - The default is 8530.
>
> Ian
>

DirkDiggler wrote:
> I don't recall configuring any ports in group policy. I recall configuration
> the name of the server, but not ports.
>
> "Ian" wrote:
>
>
>>DirkDiggler wrote:
>>
>>>Does anyone know what ports must be opened up for client computers to
>>>download updates from a WSUS server?
>>>
>>>My WSUS server is behind a firewall and I only want to open up this server
>>>at a minimum level to the clients.
>>
>>Would presume it would be the same port that you configure in group
>>policy when you specify the update location - The default is 8530.
>>
>>Ian
>>
Have you configured Group Policy to configure the workstations to use
WSUS yet?

What URL do you use to access the admin site - the Group Policy and
firewall should be set to use the same port as specified after the ":"
in the url.

If no port is specified then it's port 80.

Ian

"Ian" <> wrote in message
news:%...
> DirkDiggler wrote:
>> Does anyone know what ports must be opened up for client computers to
>> download updates from a WSUS server?
>>
>> My WSUS server is behind a firewall and I only want to open up this
>> server at a minimum level to the clients.
>
> Would presume it would be the same port that you configure in group policy
> when you specify the update location - The default is 8530.
>
> Ian


Port 8530 is used only if WSUS is not the first website running on that
server (e.g. if WSUS was installed on existing web server).

--
Arek Iskra
MVP for Windows Server - Software Distribution

I tried opening port 80 from the clients to the WSUS server and it didn't
work. For testing purposes I opened up IP/Any to the WSUS server and the
clients immediately began reporting to the update server.

I don't want to leave the firewall open to IP/Any, so does anyone know
exactly which ports are required to allow the clients to receive updates from
the WSUS server?

"Arek Iskra [MVP]" wrote:

> "Ian" <> wrote in message
> news:%...
> > DirkDiggler wrote:
> >> Does anyone know what ports must be opened up for client computers to
> >> download updates from a WSUS server?
> >>
> >> My WSUS server is behind a firewall and I only want to open up this
> >> server at a minimum level to the clients.
> >
> > Would presume it would be the same port that you configure in group policy
> > when you specify the update location - The default is 8530.
> >
> > Ian
>
>
> Port 8530 is used only if WSUS is not the first website running on that
> server (e.g. if WSUS was installed on existing web server).
>
> --
> Arek Iskra
> MVP for Windows Server - Software Distribution
>
>
>

DirkDiggler wrote:
> I tried opening port 80 from the clients to the WSUS server and it didn't
> work. For testing purposes I opened up IP/Any to the WSUS server and the
> clients immediately began reporting to the update server.
>
> I don't want to leave the firewall open to IP/Any, so does anyone know
> exactly which ports are required to allow the clients to receive updates from
> the WSUS server?
>
> "Arek Iskra [MVP]" wrote:
>
>
>>"Ian" <> wrote in message
>>news:%.. .
>>
>>>DirkDiggler wrote:
>>>
>>>>Does anyone know what ports must be opened up for client computers to
>>>>download updates from a WSUS server?
>>>>
>>>>My WSUS server is behind a firewall and I only want to open up this
>>>>server at a minimum level to the clients.
>>>
>>>Would presume it would be the same port that you configure in group policy
>>>when you specify the update location - The default is 8530.
>>>
>>>Ian
>>
>>
>>Port 8530 is used only if WSUS is not the first website running on that
>>server (e.g. if WSUS was installed on existing web server).
>>
>>--
>>Arek Iskra
>>MVP for Windows Server - Software Distribution
>>
>>
>>
Look at IIS for your WSUS website - Go to Properties and you will see
what port the site is running on.

Ian