Allow Windows Update for DMZ machines

Dan Mullendore
Level 1

I have several Windows machines in my DMZ, and for DMZ machines, the default is for all outbound access to be blocked, but I want to allow the machines to get Windows updates. Any suggestions on how I can do this?

3 Replies

Collin Clark
VIP Alumni

I'm no Windows expert, but can't you point your Windows server to update from your internal WSUS servers?

That would be easy if we had an internal WSUS server. We use ZEN. Since DMZ machines need patches on a more critical basis, and the testing to see if patches broke the machines is easier on the DMZ machines, we like to patch these machines more often and on a quicker cycle than the internal machines. We are also trying to avoid connecting our DMZ machines to any internal resources through any standard Windows ports so that if they are compromised they won't infect internal machines.

Maybe we're too paranoid?

Hi,

I suggest creating an outbound access rule to be applied on your DMZ interface allowing HTTP traffic originating from the servers that need to be updated. You may remove the access rule once done.
