08-10-2010 04:23 AM - last edited on 02-21-2020 11:21 PM by cc_security_adm
Hi,
Does anyone know how to use a WSUS server with NAC Appliance? I am able to authenticate on the network with the Clean Access Agent. But every time I use the WSUS requirement, it passes from the normal login role to the temporary role for remediation. I'm using a WSUS server, so it looks up the WSUS requirement, but the problem is that I am not able to remediate using it; I get an error message. Do I need to allow some ports in the network to make it work? What ports do I have to open? Please see attachment. Thanks.
Regards,
Richard
08-10-2010 06:01 AM
Are you doing it against the Microsoft servers or an internal server? If Microsoft, you'll want to allow access to the normal update servers.
The WSUS log is stored under %windir%/WindowsUpdate.log, so you can check that to see what errors WSUS itself is reporting.
08-11-2010 03:15 AM
Hi Lauren,
What do you mean by against the Microsoft server? I have set up a Microsoft server which I made a DC, DNS, DHCP and WSUS server. I want my client users to authenticate to the Microsoft server as well as get updates from the WSUS server. I don't know if my NAC server is communicating with the WSUS server to get updates; it shows an error message in the NAC agent. Do you know how I can make my WSUS server and NAC work together? Thanks a lot for the reply.
Richard
08-13-2010 04:29 AM
Richard,
When you use WSUS with NAC, all the NAC agent does is to tell the Windows Update agent to go update itself. Now it depends on the WSUS setting on the client where it will go to check for updates. If you have it configured for MS servers, it will go talk to them. If you have your clients configured for internal WSUS server, it will check in with them.
Here are details on how to set the registry keys for both scenarios (AD and non-AD)
Non-AD: http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx
AD: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx
HTH,
Faisal
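The client-side check implied by the answer above, as an added example that is not part of the original thread: it reads the standard Windows Update policy registry values (`WUServer`, `WUStatusServer`, `UseWUServer`) to show which update source the client will use, then tests whether the configured WSUS host and port are reachable from the client's current NAC role. The function names are hypothetical, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: which update source is this client configured for,
# and can it reach that server from its current (e.g. temporary) NAC role?
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (no WSUS policy applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-UpdateSource {
    $useWsus = Get-PolicyValue $auKey 'UseWUServer'
    $server  = Get-PolicyValue $wuKey 'WUServer'
    $status  = Get-PolicyValue $wuKey 'WUStatusServer'
    if ($useWsus -eq 1 -and $server) {
        [pscustomobject]@{ Source = 'Internal WSUS'; WUServer = $server; WUStatusServer = $status }
    } else {
        [pscustomobject]@{ Source = 'Microsoft update servers'; WUServer = $null; WUStatusServer = $null }
    }
}

function Test-WsusReachable {
    param([string]$Url, [int]$TimeoutMs = 3000)
    # The port comes from the configured URL (scheme default if none is given).
    $uri = [uri]$Url
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($uri.Host, $uri.Port, $null, $null)
        $ok = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        [pscustomobject]@{ Host = $uri.Host; Port = $uri.Port; Reachable = $ok }
    } finally {
        $client.Close()
    }
}

$source = Get-UpdateSource
$source | Format-List
if ($source.WUServer) {
    Test-WsusReachable -Url $source.WUServer | Format-List
    if ($source.WUStatusServer -and $source.WUStatusServer -ne $source.WUServer) {
        Test-WsusReachable -Url $source.WUStatusServer | Format-List
    }
}
```

Run it on the client while it is in the temporary role: a `Reachable` value of `False` for the host and port shown means the role's traffic policy is not letting the Windows Update agent reach the server it is configured for.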
08-14-2010 10:38 PM
Thanks Faisal, that really helped me configure my WSUS server properly. Now the client workstation gets updates from the WSUS server.
One more question, dude: how about the anti-virus? Currently I have set up a McAfee server. How will the client get updates from the AV server through NAC? From what I saw in the NAC manual, there is no function for pointing the AV rule to the AV server to get updates. Or do I just need to set up the requirement for the AV in the NAC, and the AV itself will be the one to map to the AV server? Please let me know how this works. Thanks.
Richard
08-15-2010 02:10 AM
Richard,
This again is the function of the AV program. The program has to know where to get its updates from. If it's a managed program then you can more than likely make it point to an internal AV server first, and then hit the internet.
Checking out the McAfee documentation to see if they support such a thing would be a good place to start.
HTH,
Faisal