
List:       ipcop-user
Subject:    Re: [IPCop-user] How to setup the MS-windows update roles
From:       muiz  <muiz () 163 ! com>
Date:       2016-05-31 9:10:53
Message-ID: 4f2a1db3.e520.15506147cad.Coremail.muiz () 163 ! com

Dear all,
  Thanks for your reply. Below is my detailed information:
  I want to let computers in the Green network download updates from Microsoft
websites, and not access other websites.  I referred to the
https://technet.microsoft.com/en-us/library/bb693717.aspx page.
  1. Disabled the network access for all PCs in Firewall -> Firewall Rules screen and
it works.
  2. Enable Proxy and Redirectors:  Service -> Proxy page and it works.
      The client PC in the Green network can access websites after setting up the proxy
settings.   Windows can download the update files.
  3. Service -> URL Filter screen, 
      3.1 enable URL filter;
      3.2 enable Custom whitelist; 
      3.3 Add the following website to Allowed domains list.
                    windowsupdate.microsoft.com
                    *.windowsupdate.microsoft.com
                    *.update.microsoft.com
                    *.windowsupdate.com
                    download.windowsupdate.com
                    download.microsoft.com
                    *.download.windowsupdate.com
                    test.stats.update.microsoft.com
                    ntservicepack.microsoft.com
                    54.69.147.146
                    125.56.199.137
                    ... a lot of IPs ...


      3.4 Save and restart
     Windows cannot download the update files, but the Allowed domains can be opened.

     Any suggestions?


Thanks and best regards,
Muiz

At 2016-05-28 18:01:44, "G.W. Haywood" <ged@jubileegroup.co.uk> wrote:
> Hi there,
> 
> On Sat, 28 May 2016, muiz wrote:
> 
> > Does anyone setup the firewall to let the MS Update service through
> > the firewall?
> 
> http://www.ipcop.org/2.0.0/en/admin/html/firewall-traffic.html
> 
> [QUOTE]
> 2.6.2. What traffic is allowed between Interfaces?
> 
> The security model of IPCop is that the GREEN network is fully trusted
> and any requests from this network, whether initiated by a user or by
> a machine infected with a virus, Trojan horse or other "malware" is
> legitimate and allowed by IPCop.
> [/QUOTE]
> 
> It then goes on to say
> 
> [QUOTE]
> A new feature of IPCop 2.0.0, allows to set policies for each network
> interface. This makes it possible to allow only specific traffic to
> RED and IPCop.
> [/QUOTE]
> 
> and follows that with tables showing "policies", which I for one find
> rather lacking as the tables do not show the default IPCop settings.
> 
> In this page:
> 
> http://www.ipcop.org/2.0.0/en/admin/html/firewall-settings.html
> 
> Figure 2.44 shows that the default "policy" for the GREEN interface
> will be "open", in which case you should not need to do anything at
> all to permit Windows Update traffic.
> 
> If you are talking about Windows Software Update Service (WSUS), it
> uses ports 8530 and 8531 respectively for HTTP and HTTPS connections
> and out of the box IPCop 2.x should allow the traffic because the client
> machine initiates it entirely.  Clients may need to be given (via DHCP
> for example) information such as the IP addresses of DNS servers and
> an address for their Internet gateway (presumably an IPCop interface,
> be it GREEN, ORANGE or BLUE) in order to be able to use the service.
> 
> If this does not help you, we need more information.  For example it's
> quite possible that your IPCop is connected to the Internet via some
> third-party router which is selectively blocking traffic.
> 
> There are numerous settings in IPCop 2.x which you might have changed
> and which might as a result of your changes affect the ability of any
> given client to access external services.
> 
> -- 
> 
> 73,
> Ged.
> 
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are 
> consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
> J-Flow, sFlow and other flows. Make informed decisions using capacity 
> planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@lists.sourceforge.net
> Manage your subscription or unsubscribe
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
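
An added example, not part of the original message or of IPCop: a small checker that takes the Allowed domains list from step 3.3 and reports which requested hostnames no entry covers, which is the first thing to compare against the proxy log when allowed sites open but updates fail. The matching rules (a bare entry matches exactly, `*.name` matches subdomains only) are an assumption about how such a list is read, not IPCop's documented behaviour, and the sample hostnames are constructed.

```python
# Allowed domains list copied from step 3.3 of the message above.
ALLOWED = """windowsupdate.microsoft.com *.windowsupdate.microsoft.com
*.update.microsoft.com *.windowsupdate.com download.windowsupdate.com
download.microsoft.com *.download.windowsupdate.com
test.stats.update.microsoft.com ntservicepack.microsoft.com
54.69.147.146 125.56.199.137""".split()


def matching_entry(host, allowed=ALLOWED):
    """Return the first allowlist entry that covers host, or None.

    Assumed semantics (not taken from IPCop): a bare entry matches that
    exact name or IP only; '*.example.com' matches any subdomain of
    example.com but not example.com itself.
    """
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    for entry in allowed:
        e = entry.lower()
        if e.startswith("*."):
            # e[1:] keeps the leading dot, so the apex name cannot match
            if host.endswith(e[1:]):
                return entry
        elif host == e:
            return entry
    return None


def uncovered(hosts, allowed=ALLOWED):
    """Sorted, de-duplicated hosts that no allowlist entry covers."""
    return sorted({h for h in hosts if matching_entry(h, allowed) is None})


# Constructed sample standing in for hostnames read from the proxy log.
SAMPLE_HOSTS = [
    "download.windowsupdate.com",
    "au.download.windowsupdate.com",
    "www.update.microsoft.com",
    "update.microsoft.com",    # apex of a wildcard-only entry
    "windowsupdate.com",       # apex of a wildcard-only entry
    "54.69.147.146",
    "54.69.147.147",           # neighbouring IP that is not listed
    "go.microsoft.com",
]

if __name__ == "__main__":
    for name in uncovered(SAMPLE_HOSTS):
        print("not covered by the allowlist:", name)
```

Feeding it the hostnames actually requested by a client during an update attempt shows whether the allowlist is missing names or whether the block lies elsewhere.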





 