To configure your Windows 11 desktops to use the bastion server as an HTTPS proxy for Windows Update without enabling IP routing; to achieve this:
- Configure the Proxy on the Bastion Server:
- Ensure Apache httpd is set up to proxy HTTPS requests. You can add the following configuration to your Apache httpd configuration file (
httpd.conf
orapache2.conf
):<VirtualHost *:443> ProxyRequests On ProxyVia On <Proxy *> Require all granted </Proxy> ProxyPass / https://windowsupdate.microsoft.com/ ProxyPassReverse / https://windowsupdate.microsoft.com/ </VirtualHost>
- Ensure Apache httpd is set up to proxy HTTPS requests. You can add the following configuration to your Apache httpd configuration file (
- Set Proxy Settings on Windows 11 Desktops:
- Open Command Prompt as an administrator.
- Use the
netsh
command to set the proxy settings for Windows Update:netsh winhttp set proxy proxy-server="http=your_bastion_server:port;https=your_bastion_server:port"
- Verify Proxy Settings:
- You can check the current proxy settings with:
netsh winhttp show proxy
- You can check the current proxy settings with:
- Test Windows Update:
- Run Windows Update on one of the desktops to ensure it can connect through the proxy.
This setup will allow your Windows 11 desktops to use the bastion server as an HTTPS proxy for Windows Update without the need of enabling IP routing.
If any issues, you may need to adjust your firewall rules to allow traffic between the desktops & the bastion server on the specified ports.