WSUS for external clients without VPN or Direct access Either force vpn/DA/always on vpn or like we do, different gpo for internal and external users. Internal get wsus, external get microsoft auto updates. I prefer the risk of a faulty update vs. Not getting patched. Other thoughts: why no DMZ? I think the danger should be fairly low. Or some kind of planed task which enables auto update on planed Download WSUS Client Diagnostic Tool from Official Jun 09, 2005 VPN | Information Technology | Washington University in St VPN (Virtual Private Network) allows you remote access to secure University resources. We are in the process of consolidating our VPN across campuses. Please use these instructions ONLY if you are … WSUS | Richard M. Hicks Consulting, Inc.

Problems with WSUS over VPN -

Always On VPN Device Tunnel Operation and Best Practices

Block port 8530 (the default port for WSUS), through the VPN.. 1) Clients check in with WSUS and PULL updates. WSUS doesn't push. So, if you prevent that through the VPN connection, they will only get updates locally when not on travel. 2) However, "dstewartjr" has the means to grant permissions for the updates for VPN client to get updates

Sep 17, 2019 9 Best WSUS Server Tools & Alternatives For 2020 (Free + Paid) Apr 28, 2020