کد:
http://www.isaserver.bm/isa_articles/wsus_https.html
As WSUS seems to be getting installed on most networks, I have created this article to make configuring a rule to allow your ISA Server to update itself via HTTPS.
For this tutorial, WSUS was configured to use HTTPS, on port 8531, (HTTP port 8530).
First of all you need to create the SSL tunnel by using ISAtpre, (available from Jim Harrison’s website,
http://www.isatools.org/ISAtrpe.zip),
Use 8531 in both the LowPort and HighPort fields, and call it WSUSSSL, then click add tunnel range.
Now we can create the new protocols for the new access rule.
1. The WSUS Protocol
2. Add the new Protocol port
3. No secondary connections.
4. Click finish
Follow steps 1 thru 4 to create the WSUSSSL protocol using the tunneled port created with ISAtpre, in this case 8531.
If you do not have done so already, create a computer object for your ISA Server and one for your WSUS Server.
We need to apply the protocols to the access rule, Kerberos – Sec (UDP), and the 2 protocols we created, WSUS and WSUSSSL.
Right click on Firewall Policy, select new Access rule.
Select Allow.
Select the needed protocols
Click Next.
Add the ISA Server computer object
Click next.
Add the WSUS Server object.
Click next.
Leave all users in user sets
Click next, then click finish.
The new access rule should be higher in the Policy list than any deny rule that explicitly blocks the ports that we have just used.
If you now update the WSUS autoupdate client,
You will see a successful connection to the WSUS Server and it will receive it’s updates in due course.
Although you are only seeing the HTTP connection, the WSUS reporting and agent functions are carried out on the WSUSSSL port.