From 58e6522f1b5b246874dfd83a515ec5bcda58faed Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:21:59 -0700 Subject: [PATCH 1/3] update FAQ questions about ports Updated for accuracy. --- windows/deployment/do/waas-delivery-optimization-faq.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 73a6691166..3501f7bb90 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml 
@@ -77,11 +77,12 @@ sections: questions: - question: Which ports does Delivery Optimization use? answer: | - Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). + Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable). - Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. + If you set the "Download Mode" policy to "Group (2)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. - Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. + Delivery Optimization also communicates with its cloud service by using HTTPS over port 443. + - question: What are the requirements if I use a proxy? 
answer: | For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). From 6e5480be7e27dda72c14e27cc9a4c87f8e3d2af4 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Wed, 27 Mar 2024 18:04:04 -0700 Subject: [PATCH 2/3] Teredo also used in "Internet" download mode --- windows/deployment/do/waas-delivery-optimization-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml index 3501f7bb90..2113295426 100644 --- a/windows/deployment/do/waas-delivery-optimization-faq.yml +++ b/windows/deployment/do/waas-delivery-optimization-faq.yml 
@@ -79,7 +79,7 @@ sections: answer: | Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound and outbound TCP traffic through your firewall. If you don't allow traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download updates by using HTTP over port 80 (or HTTPS over port 443 where applicable). - If you set the "Download Mode" policy to "Group (2)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. + If you set the "Download Mode" policy to "Group (2)" or "Internet (3)", Teredo will be used by Delivery Optimization to connect to peer devices across NATs. You must allow inbound and outbound UDP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. Delivery Optimization also communicates with its cloud service by using HTTPS over port 443. From 1421a48ebd9fe93198f04b603110f5d810f01032 Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Fri, 10 May 2024 17:08:00 -0700 Subject: [PATCH 3/3] Update wufb-wsus.md Correcting an error. --- windows/deployment/update/wufb-wsus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 6062716b60..2cb3016af2 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md 
@@ -46,7 +46,7 @@ To help you better understand the scan source policy, see the default scan behav - On Windows 10: All of your updates will come from WSUS. - On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy. -- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy. +- If you configure a WSUS server and deferral policies on Windows 10: All of your updates will come from Windows Update unless you specify the scan source policy or have disabled dual scan. - If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy. > [!TIP]
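Review bot: in PATCH 1/3 the reworded port 7680 sentence ("The port must be set to accept inbound and outbound TCP traffic through your firewall") does not say which end of the connection port 7680 is on for the outbound rule. The paragraph establishes that the service listens on 7680, so inbound means local port 7680; for outbound, state that the destination is port 7680 on the peer, so the rule can be scoped rather than left open. The new "inbound and outbound UDP traffic over port 3544" wording has the same gap. Separately, "where applicable" after "HTTPS over port 443" gives the reader no way to tell when 443 is needed; name the case or drop the qualifier. The commit message "Updated for accuracy." should record that port 3544 changed from TCP/IP to UDP and the cloud service from port 80 to 443.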
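Review bot: in PATCH 2/3, after the mode list grows to "Group (2)" or "Internet (3)", the following sentence ("You must allow inbound and outbound UDP traffic over port 3544.") still reads as an unconditional requirement. Tie it to the condition, for example "In those modes, allow inbound and outbound UDP traffic over port 3544", so that readers using other Download Mode values are not told to open a NAT traversal port. This line was introduced in PATCH 1/3 of the same series, so consider folding the correction into that commit instead of carrying it as a separate one.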
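Review bot: in PATCH 3/3 the changed bullet now covers only "a WSUS server and deferral policies on Windows 10", which leaves the same configuration on Windows 11 unstated in this list. Add a matching Windows 11 bullet, or say that the existing "On Windows 11" bullet above already covers it. The added "or have disabled dual scan" also introduces a term the visible list does not define; name or link the policy that disables dual scan, and keep the verbs parallel ("unless you specify the scan source policy or disable dual scan"). The commit message "Correcting an error." should say what the error was.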