@Rakesh Kumar
Thanks for your posting on Q&A.
According to this link, the WSUS will connect to the belowb links to get the required update files:
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
https://download.microsoft.com
http://*.download.windowsupdate.com
http://ntservicepack.microsoft.com
http://dl.delivery.mp.microsoft.com
https://dl.delivery.mp.microsoft.com
Also we could apply the below policy to prevent the clients from scanning updates from the Internet:
Please review this link and apply the above policy for the clients. Hope the above will be helpful.
Please keep us in touch if your have any quetions.
Regards,
Rita
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.