Netgate Discussion Forum

    WSUS

    General pfSense Questions
      vitoreiter

      Dear pfSense Community,

      I have a basic WAN > pfSense > LAN setup here in my building. I have followed exact steps for port forwarding my WSUS server on port 8530. I get a bit of randomness when it comes to the WSUS picking up the computers, however, they will just check for updates forever and never get any… I can't seem to find documentation on exactly how the WSUS port forward works on pfSense and for security purposes I can't really give exact IPs. For example, let's say that WSUS is on x.x.x.45 and other systems are on the same subnet trying to reach WSUS via 8530, so there are no blocks or anything that stands out. I'm just trying to find a proper way to port forward this 8530 port so that my client computers can reach the WSUS and properly update.

      Thanks,
      Vito Reiter
      IT/Engineering

        heper

        Why would you need to port-forward anything?
        You say WSUS is on the same subnet as the clients: then pfSense is not involved in any way.

          marvosa

          The clients communicate with the WSUS server over the LAN. None of the client/server traffic hits the firewall, so you should be posting on the Microsoft forums, not the pfSense forums.

            vitoreiter

            Yeah, it seems to just be an internal problem with our DNS or something like that. While we're here, how can I make this externally available to clients outside my network through pfSense? That's a feature I plan to use as well.

              marvosa

              Well, if I'm not mistaken, the client communication is configured via Group Policy. Clients that are offsite should be connecting to VPN and communicating with the WSUS via internal resources for updates. There should be no reason to expose your WSUS server externally.

                jahonix

                @vitoreiter:

                …and for security purposes I can't really give exact IPs. For example, let's say that WSUS is on x.x.x.45 and other systems are on the same subnet ...

                Do you use public IPs internally? Then use RFC 5737 Test-Net addresses for documentation, that's what they are there for. But usually RFC 1918 are misunderstood.
                I'm currently dealing with a university that does just that, use public IPv4 addresses internally. And only internally…

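
The RFC 5737 suggestion in the last reply, together with the earlier point that same-subnet traffic never reaches the firewall, as an added example that is not part of the thread: it rewrites real IPv4 addresses in text to documentation addresses while keeping the host octet and the same-subnet relationships that readers need to see. `DocAddressMapper`, `on_link` and the sample text are hypothetical names and constructed data, and every network is assumed to be a /24.

```python
import ipaddress
import re

# RFC 5737 documentation blocks: TEST-NET-1, TEST-NET-2, TEST-NET-3.
TEST_NETS = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# Dotted quads that are not part of a longer dotted number (e.g. 1.2.3.4.5).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")


class DocAddressMapper:
    """Map each real /24 (assumed prefix) to one TEST-NET block, keeping the host octet."""

    def __init__(self):
        self._net_map = {}  # real /24 -> documentation /24

    def map_address(self, addr):
        ip = ipaddress.IPv4Address(addr)
        # Leave 255.x netmasks (reserved space), loopback, multicast, 0.0.0.0 as-is.
        if ip.is_reserved or ip.is_loopback or ip.is_multicast or ip.is_unspecified:
            return addr
        real_net = ipaddress.ip_network(f"{ip}/24", strict=False)
        if real_net in TEST_NETS:
            return addr  # already a documentation address
        if real_net not in self._net_map:
            if len(self._net_map) == len(TEST_NETS):
                raise ValueError("RFC 5737 provides only three /24 blocks")
            self._net_map[real_net] = TEST_NETS[len(self._net_map)]
        return str(self._net_map[real_net].network_address + (int(ip) & 0xFF))

    def sanitize(self, text):
        def repl(match):
            try:
                return self.map_address(match.group(0))
            except ipaddress.AddressValueError:
                return match.group(0)  # e.g. 999.1.1.1 is not an address
        return IPV4_RE.sub(repl, text)


def on_link(a, b, prefix=24):
    """True when a and b share a subnet, so traffic between them skips the router."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{prefix}", strict=False)


# Constructed sample input; none of these addresses come from the thread.
SAMPLE = ("WSUS http://10.20.30.45:8530 mask 255.255.255.0, "
          "clients 10.20.30.112 and 10.20.30.7, WAN gateway 172.16.9.2.")

if __name__ == "__main__":
    print(DocAddressMapper().sanitize(SAMPLE))
```

The regex also matches dotted version strings with exactly four parts, so review the output before posting it.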
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.