|
Posted by Roger Abell [MVP] on January 6, 2007, 8:24 pm
Please log in for more thread options
I do not know what capabilities your AV product offers.
WSUS is however built upon IIS, and IIS can be configured
as to IP for the site (instead perhaps your current, the default
of All Unassigned). IIS will only use the defined IP for the
responding site, i.e. one in 192.168.1.32/27 subnet.
In addition, another host-based approach is to use IPsec
in a filtering mode to restrict the port availability so that
http/https and whatever the AV uses are allowed only on
the desired IP.
> We have a member Server. W2K3, with dual NICs that responds to domain
> traffic Vlan, 192.160.1.0/27 and Internet Vlan, 192.168.1.32/27. Internet
> traffic is outbound only for purposes of updating WSUS, AV pattern
> updates.
> The server is protected by Cisco CBAC Firewall.
>
> How can I force all update traffic (http) to use the 192.168.1.32 vlan? Is
> their a better way I can design network flow, with the priority on server
> protection.
>
> Thanks in advance for help
>
| 
XML Sitemap