|
Why should WSUS bypass the proxy server? |
| For those of you routing your Internet traffic through a Proxy Server -- you
might want to consider the ramifications of routing your WSUS through your Proxy
Server. If your Proxy Server is configured as a caching proxy, then it's possible that all of the Gigabytes of WSUS content downloaded are going to be cached on your proxy server (for some period of time). This will likely have a negative impact to the web performance of other web-browsing clients that take advantage of proxy caching. If your proxy server permits the selective disabling of caching on a per-proxy-client basis, I would suggest doing so for your WSUS server. Even if its not a caching proxy, your proxy server is going to have to suck up the bandwidth load of the file transfers being performed by the WSUS server. As we've seen lots of problems with proxy servers in the mix, if your proxy server is separate from your perimeter firewall, the /best/ solution would be to allow your WSUS server to completely bypass the proxy server, and talk directly to the permeter firewall -- though I understand many corporate policies won't allow that. Note: If you're bound by corporate "proxy" policy, you should consider having a review of such a policy and explain the reasons why the WSUS server should be exempted from routing its traffic through the proxy server. |