Re: Patch download to downstream server over port 443
> Andrew wrote:
>> Is there a way to force a WSUS 3.0 downstream to pull its patches from
>> upstream server over TCP port 443 and not port 80.
Not directly, but if you were to run SSL tunnelling software on the downstream
computer you could redirect traffic from a port of your choice (let's say 81) to
the SSL port on the upstream server. That is, you could set it up so that any
program on the downstream server connecting to localhost:81 would have the
connection translated into SSL and forwarded to upstream-server:443.
Then, if you configured WSUS on the downstream server to use localhost:81 as the
proxy server, the BITS connection would be redirected to the upstream server and
it should work. (I think.)
Obviously this isn't a supported configuration, but if you really can't open
port 80 or use a VPN connection this may provide you with a workable, albiet
less than ideal, solution.
The other option would be to set up the downstream server as a disconnected
server, as documented by Microsoft in the WSUS guides. This is at least
supported, though it would be more labour-intensive.
From what I have
>> the metatdata comes over 443 with no issue but the patches fail to
>> Our firewall that only allow 443 communication between the two server.
>> Thanks in advance.