Windows update IP addresses range and subnet mask for Windows Server 2008.
Windows update IP address ranges and subnet mask for Windows Server 2008.
This question almost same posted by Peter Lorenzen at Thursday, August 05, 2010 8:37 AM.
Quote:
We have a couple of Windows 2008 servers. They live behind a firewall and all outgoing communication is must be off.
I wanted to just use online Windows update. To do this I need to open access to some servers at Microsoft like the below. In our firewall you cannot input DNS names but only IPs. The IPs to these servers changes. If I do a nslookup one day I get one IP and
when I try it the day after another. So I cannot get this to work.
· windowsupdate.microsoft.com
· update.microsoft.com
· windowsupdate.com
· download.microsoft.com
· ntservicepack.microsoft.com
New question:
How we able to now fix IP address range for above URL and including sub-net mask?
If we going to enable WSUS, we also need to know what is the IP range and sub-net mask for windows update.
January 13th, 2011 1:06am
Hi,
For security purposes, the IP address for the Windows Update web site constantly changes and it is not a fixed address. Also, there is no official publication of the
IP addresses. We normally advise against defining IP addresses on the firewall for this purpose. Instead, we suggest either allowing all outbound connections to http & https ports or defining the DNS addresses as permitted destinations for traffic via
the firewall.
For up-to-date information about the IP's being used by Windows Update, use the DNS system, as this is the only reliable up to date source of information. If you use
DNS, make sure the following destination hosts are specified:
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com
Thanks for your understanding.
Best Regards,
Nina
This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
January 17th, 2011 1:07am
Nina,
Do these dynamically change to anything within the Microsoft CIDR block? If they do then it's possible to permit the entire CIDR block for Microsoft, if the security analysts at that particular site with the firewall will permit such a rule.
-Austin
February 10th, 2011 1:29am