I have several Windows machines in my DMZ, and for DMZ machines, the default is for all outbound access to be blocked, but I want to allow the machines to get Windows updates. Any suggestions on how I can do this?
That would be easy if we had an internal WSUS server. We use ZEN. Since DMZ machines need patches on a more critical basis, and the testing to see if patches broke the machines is easier on the DMZ machines, we like to patch these machines more often and on a quicker cycle than the internal machines. We are also trying to avoid connecting our DMZ machines to any internal resources through any standard Windows ports so that if they are compromised they won't infect internal machines.