[prev in list] [next in list] [prev in thread] [next in thread]
List: ipcop-user
Subject: Re: [IPCop-user] How to setup the MS-windows update roles
From: muiz <muiz () 163 ! com>
Date: 2016-05-31 9:10:53
Message-ID: 4f2a1db3.e520.15506147cad.Coremail.muiz () 163 ! com
[Download RAW message or body]
Dear all,
Thanks for your reply. Below is my detail information:
I want to let computers in Green network can download updates from Microsoft \
websites, and cannot access other websites. I reference to \
https://technet.microsoft.com/en-us/library/bb693717.aspx page.
1. Disabled the network access for all PCs in Firewall -> Firewall Rules screen and \
it works. 2. Enable Proxy and Redirectors: Service -> Proxy page and it works.
The client PC in Green network can access website after setup the proxy \
settings. Windows can download the update files.
3. Service -> URL Filter screen,
3.1 enable URL filter;
3.2 enable Custom whitelist;
3.3 Add the following website to Allowed domains list.
windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
*.update.microsoft.com
*.windowsupdate.com
download.windowsupdate.com
download.microsoft.com
*.download.windowsupdate.com
test.stats.update.microsoft.com
ntservicepack.microsoft.com
54.69.147.146
125.56.199.137
... a lot of IPs ...
3.4 Save and restart
Windows cannot download the update files. But can open the Allowed domains.
Any suggestion?
Thanks and best regards,
Muiz
At 2016-05-28 18:01:44, "G.W. Haywood" <ged@jubileegroup.co.uk> wrote:
> Hi there,
>
> On Sat, 28 May 2016, muiz wrote:
>
> > Does anyone setup the firewall to let the MS Update service through
> > the firewall?
>
> http://www.ipcop.org/2.0.0/en/admin/html/firewall-traffic.html
>
> [QUOTE]
> 2.6.2. What traffic is allowed between Interfaces?
>
> The security model of IPCop is that the GREEN network is fully trusted
> and any requests from this network, whether initiated by a user or by
> a machine infected with a virus, Trojan horse or other "malware" is
> legitimate and allowed by IPCop.
> [/QUOTE]
>
> It then goes on to say
>
> [QUOTE]
> A new feature of IPCop 2.0.0, allows to set policies for each network
> interface. This makes it possible to allow only specific traffic to
> RED and IPCop.
> [/QUOTE]
>
> and follows that with tables showing "policies", which I for one find
> rather lacking as the tables do not show the default IPCop settings.
>
> In this page:
>
> http://www.ipcop.org/2.0.0/en/admin/html/firewall-settings.html
>
> Figure 2.44 shows that the default "policy" for the GREEN interface
> will be "open", in which case you should not need to do anything at
> all to permit Windows Update traffic.
>
> If you are talking about Windows Software Update Service (WSUS), it
> uses ports 8530 and 8531 respectively for HTTP and HTTPS connections
> and out of the box IPCop 2.x should allow the traffic because client
> machine initiates it entirely. Clients may need to be given (via DHCP
> for example) information such as the IP addresses of DNS servers and
> an address for their Internet gateway (presumably an IPCop interface,
> be it GREEN, ORANGE or BLUE) in order to be able to use the service.
>
> If this does not help you, we need more information. For example it's
> quite possible that your IPCop is connected to the Internet via some
> third-party router which is selectively blocking traffic.
>
> There are numerous settings in IPCop 2.x which you might have changed
> and which might as a result of your changes affect the ability of any
> given client to access external services.
>
> --
>
> 73,
> Ged.
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@lists.sourceforge.net
> Manage your subscription or unsubscribe
> https://lists.sourceforge.net/lists/listinfo/ipcop-user
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
Manage your subscription or unsubscribe
https://lists.sourceforge.net/lists/listinfo/ipcop-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic