WSUS Server communication

Yasar mistry 251 Reputation points
2021-02-14T11:16:15.92+00:00

Dear Support,

I have the doubts below, please clarify. As I want to restrict WSUS traffic through the firewall, are the ports below correct? If not, please share the port details. Appreciated.

1- For WSUS upstream server to WSUS downstream server communication, only port 8530 needs to be allowed, right?
2- WSUS server to client is also 8530, right?

Please correct me if I am wrong.

Windows Server 2016
Windows Server

Accepted answer
  1. AllenLiu-MSFT 35,726 Reputation points Microsoft Vendor
    2021-02-15T07:50:07.85+00:00

    @Yasar mistry
    Thank you for posting in Microsoft Q&A forum.
    1. WSUS upstream and downstream servers will synchronize on the port configured by the WSUS Administrator. By default, these ports are configured as follows:
    On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
    On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS are used

    2. The default ports are the same as above.

    The details:
    https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus#212-connection-between-wsus-servers


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

  1. SUNOJ KUMAR YELURU 13,611 Reputation points MVP
    2021-02-14T12:50:44.42+00:00

    Hi @Yasar mistry
    By default, WSUS will use port 8530 for HTTP and 8531 for HTTPS. The firewall on the WSUS server must be configured to allow inbound traffic on these ports.

    If you're using it without SSL, then you can allow port 8530.

    Upstream and downstream server
    Primary upstream server: inbound port 8531 open so the downstream servers can communicate with it through SSL.

    Primary upstream server: inbound port 8530 open so local client systems can communicate with it.

    Downstream servers: outbound port 8531 open so they can communicate with the primary upstream server through SSL.

    Downstream servers: inbound port 8530 open so they can receive communication from client systems.

    Client systems: outbound port 8530 so they can communicate with their respective WSUS server.

    Both Clients and Downstream Servers communicate with the WSUS server on the same ports. Either SSL is required (for ALL inbound connections), or it's not. However, file content is not downloaded via SSL connections, so if SSL is enabled, then both ports 8530 and 8531 are required in all cases. (Or alternatively 80/443 if this is a WSUS v3 server not on the alternate ports.)

    Likewise, the outbound connections need to be open on both 8530/8531 (or 80/443), for both internal systems as well as the USS that connects with Microsoft. Synchronization with MU is done via SSL on port 443; file transfers are done via HTTP on port 80.

    If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.

    2 people found this answer helpful.
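
The port guidance in the answers above, expressed as a scoped Windows Firewall rule plus a reachability check. This is an added example, not part of the original thread: the function names, the host name and the addresses (documentation ranges) are constructed placeholders, and the default 8530/8531 ports are assumed.

```powershell
#Requires -RunAsAdministrator
# Added example. All addresses and names are constructed placeholders.
$UseSsl          = $true                    # WSUS site configured for HTTPS?
$ClientSubnets   = @('192.0.2.0/24')        # placeholder: client networks
$DownstreamHosts = @('198.51.100.10')       # placeholder: downstream WSUS servers
$UpstreamName    = 'wsus-upstream.example'  # placeholder: upstream WSUS name

# Default WSUS 6.2+ ports: 8530 (HTTP) and 8531 (HTTPS). With SSL enabled both
# are opened, because file content is still downloaded over HTTP.
$Ports = if ($UseSsl) { @(8530, 8531) } else { @(8530) }

function Set-WsusInboundScope {             # hypothetical helper: run on the WSUS server
    param([int[]]$Ports, [string[]]$AllowedRemote)
    $name = 'WSUS inbound (scoped)'
    # Replace any earlier copy so re-runs do not stack duplicate rules.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Ports -RemoteAddress $AllowedRemote | Out-Null

    # A scoped allow rule restricts nothing if a broader allow rule also names
    # these ports, so list every other enabled inbound allow rule that does.
    # Rules with LocalPort 'Any' are not matched here; review those separately.
    Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort | Where-Object { $_ -in $Ports } } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
                       $_.Enabled -eq 'True' -and $_.DisplayName -ne $name } |
        Select-Object DisplayName, Profile
}

function Test-WsusReachability {            # hypothetical helper: run on a client or downstream server
    param([string]$Server, [int[]]$Ports)
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $Server -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Server = $Server; Port = $p; Reachable = $r.TcpTestSucceeded }
    }
}

# On the WSUS server:
Set-WsusInboundScope -Ports $Ports -AllowedRemote ($ClientSubnets + $DownstreamHosts)
# On a client or downstream server:
Test-WsusReachability -Server $UpstreamName -Ports $Ports
```

Any rule names printed by `Set-WsusInboundScope` are existing allow rules that still expose the WSUS ports beyond the scoped addresses and need to be narrowed or disabled for the restriction to take effect.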