I have several windows machines in my DMZ, and for DMZ machines, the default is for all outbound access to be blocked, but I want to allow the machines to get windows updates. Any suggestions on how I can do this?
To specify the source interface (if you are pulling the file from a remote site through a VPN tunnel and need the copy to source from the inside interface)
try this:
copy tftp://1.1.1.1/filename.bin;int=inside flash:
Here is where I got this:
http:...
From the remote firewall, to specify the source interface, try this:
copy tftp://1.1.1.1/filename.bin;int=inside flash:
Here is where I got this:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa70/command/reference/cref_txt/c.html#wp1970383
I have the same problem, but it is beause the loopback address on the router is in the summary range and with dual connections back to the core, half of the traffic would still try to head toward the summary routes.
Looks like an eligant solution, bu...
That would be easy if we had and internal WSUS server. We use ZEN. Since DMZ machines need patches on a more critical basis, and the testing to see if patches broke the machines is easier on the DMZ machines, we like to patch these machines more of...