Export (0) Print
Expand All

Configure the Network

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server Update Services

Before you start to install WSUS, you should make sure that your network is configured to work with WSUS. You should check two areas in particular: the proxy server (if your network uses a proxy server to communicate with the Internet) and the corporate firewall

When you configure the root WSUS server on your network, you need to know whether there will be a proxy server between the WSUS server and the Internet. If you do, you will need to check the following issues before starting to install WSUS:

  • Protocols supported by the proxy server. WSUS will communicate with Microsoft Update via HTTP and SSL, so the proxy server must support both protocols.

  • The authentication method used by the proxy server (basic authentication or Windows authentication).

If there is a corporate firewall between WSUS and the Internet, you might need to configure the firewall to ensure that WSUS can obtain updates.

  • To obtain updates from Microsoft Update, the WSUS server uses port 80 for HTTP protocol and port 443 for HTTPS protocol. This is not configurable.

  • If your organization does not allow those ports and protocols to be open to all addresses, you can restrict access to the following domains so WSUS and Automatic Updates can communicate with Microsoft Update:

    • http://windowsupdate.microsoft.com

    • http://*.windowsupdate.microsoft.com

    • https://*.windowsupdate.microsoft.com

    • http://*.update.microsoft.com

    • https://*.update.microsoft.com

    • http://*.windowsupdate.com

    • http://download.windowsupdate.com

    • http://download.microsoft.com

    • http://*.download.windowsupdate.com

    • http://test.stats.update.microsoft.com

    • http://ntservicepack.microsoft.com

noteNote
The steps for configuring the firewall are meant for a corporate firewall positioned between WSUS and the Internet. Because WSUS initiates all its network traffic, there is no need to configure Windows Firewall on the WSUS server.

Although the connection between Microsoft Update and WSUS requires ports 80 and 443 to be open, you can configure multiple WSUS servers to synchronize with a custom port.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft