Scenario.
Intranet based Primary site with SUP/WSUS installed with default ports 8530/8531. Works great for intranet clients. Configured with http/https.
Clients on the network get policy fine and the WSUS metadata catalogue. If the client then goes into "Internet" mode by being on a home user internet connection after a catalogue update, it will obtain the updates quite happily from the Internet Based DP, as it has the new catalogue from the Intranet WSUS/SUP. This is OK for clients that do connect to VPN; however, we have a lot of clients that do not connect to VPN due to security restrictions/end user habits. I can also deploy software to the "Internet" clients no problem using the IBCM as described below.
We also have an IBCM server with DP/MP roles installed in the DMZ using standard ports, and these roles are working.
There is a Firewall between Intranet and DMZ IBCM server as you would expect.
Is it possible to install another Windows 2012 R2 server in the DMZ and only install the SUP/WSUS role using port 80/443, with WSUS sharing the upstream WSUS server for the catalogue, or should I use the default database and synchronise between the Intranet/Internet servers? As 443 is the only port we can use on the IBCM server, is this possible?
I have read that 8531 still needs to be open for WSUS to sync correctly with its upstream WSUS server. Is this true?
Can I install an SUP/WSUS role on 443 and communicate/sync with my intranet, which is using 8530/8531?
Any help greatly appreciated, I have asked a similar question which didn't quite answer this fully,
thanks in a