Windows update IP addresses range and subnet mask for Windows Server 2008.
Windows update IP address ranges and subnet mask for Windows Server 2008. This question almost same posted by Peter Lorenzen at Thursday, August 05, 2010 8:37 AM. Quote: We have a couple of Windows 2008 servers. They live behind a firewall and all outgoing communication is must be off. I wanted to just use online Windows update. To do this I need to open access to some servers at Microsoft like the below. In our firewall you cannot input DNS names but only IPs. The IPs to these servers changes. If I do a nslookup one day I get one IP and when I try it the day after another. So I cannot get this to work. · windowsupdate.microsoft.com · update.microsoft.com · windowsupdate.com · download.microsoft.com · ntservicepack.microsoft.com New question: How we able to now fix IP address range for above URL and including sub-net mask? If we going to enable WSUS, we also need to know what is the IP range and sub-net mask for windows update.
January 13th, 2011 1:06am

Hi, For security purposes, the IP address for the Windows Update web site constantly changes and it is not a fixed address. Also, there is no official publication of the IP addresses. We normally advise against defining IP addresses on the firewall for this purpose. Instead, we suggest either allowing all outbound connections to http & https ports or defining the DNS addresses as permitted destinations for traffic via the firewall. For up-to-date information about the IP's being used by Windows Update, use the DNS system, as this is the only reliable up to date source of information. If you use DNS, make sure the following destination hosts are specified: http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://wustat.windows.com http://ntservicepack.microsoft.com http://stats.microsoft.com https://stats.microsoft.com Thanks for your understanding. Best Regards, Nina This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
January 17th, 2011 1:07am

Nina, Do these dynamically change to anything within the Microsoft CIDR block? If they do then it's possible to permit the entire CIDR block for Microsoft, if the security analysts at that particular site with the firewall will permit such a rule. -Austin
February 10th, 2011 1:29am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics