How to bypass WSUS on 2.3.2-RELEASE-p1



  • pfSense version 2.3.2-RELEASE-p1 is installed in our environment, but pfSense is allowing some users to connect and some users are not reported yet. Kindly help me out in this regard.



  • Can the computers access http://<ip-of-wsus> or https://<ip-of-wsus>:443?

    If yes: maybe they aren't set up to use the WSUS. Check if the computers have the registry key hklm\software\policies\microsoft\windows\windowsupdate and, there, a string named WUServer with the value of your WSUS.

    If no: try to access the site mentioned under the registry key mentioned above and check the firewall log to see if there are some blocked packets.
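
The check described in the reply above, as an added example that is not part of any participant's post. It assumes the standard Windows Update policy values `UseWUServer` (under the `AU` subkey) and `WUStatusServer`, which the thread does not mention, and it is meant to be run from an elevated PowerShell prompt on an affected client.

```powershell
# Added example: confirm the client is pointed at WSUS by policy and can reach it.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

$wu = Get-ItemProperty -Path $wuKey      -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

if (-not $wu -or -not $wu.WUServer) {
    Write-Warning "WUServer is not set under $wuKey; the client is not configured for WSUS."
    return
}

# Assumption: UseWUServer must be 1, otherwise the WUServer value is ignored.
if (-not $au -or $au.UseWUServer -ne 1) {
    Write-Warning "UseWUServer is not 1 under $wuKey\AU; WUServer will not be used."
}

# Assumption: clients send status reports to WUStatusServer, so a missing or
# different value can explain a client that downloads updates but never reports.
if ($wu.WUStatusServer -ne $wu.WUServer) {
    Write-Warning "WUStatusServer ('$($wu.WUStatusServer)') differs from WUServer ('$($wu.WUServer)')."
}

# Take host and port from the configured URL instead of guessing them.
$uri = [Uri]$wu.WUServer
if (-not $uri.IsAbsoluteUri) {
    Write-Warning "WUServer value '$($wu.WUServer)' is not a full URL."
    return
}

$probe = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue

[pscustomobject]@{
    WUServer       = $wu.WUServer
    WUStatusServer = $wu.WUStatusServer
    UseWUServer    = $au.UseWUServer
    TcpReachable   = $probe.TcpTestSucceeded
}

if (-not $probe.TcpTestSucceeded) {
    Write-Warning "Cannot reach $($uri.Host):$($uri.Port); check the firewall log for blocked packets."
}
```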



  • Yeah, users can access via http://xxx.xxx.xxx.xxx, and as we are in a domain environment, policy is forced through the domain controller.



  • If they can access the WSUS and the registry keys are set by domain policy, then I think it's not the fault of the pfSense.

    Open an administrator cmd window on the client and try
    wuauclt /detectnow
    wuauclt /reportnow
    Maybe that helps. Sometimes computers just need some time to report, and you can force them with these 2 commands.



  • Already tried. Also, pfSense is recording GBs of CAB file records to users, and it's hard to justify to non-technical management that it is not internet usage and is WSUS files.


  • Banned

    What on earth do you mean here? This doesn't make any sense. There's nothing to bypass, the traffic will either never hit the firewall if the WSUS server is on the same LAN, or will get routed to another subnet.

    Are you trying to cache WSUS with Squid or some such stupid idea?

