PDA

View Full Version : SLES 11 SP4 Firewall Rules for updates and patches



cr_ibix
23-Aug-2016, 07:11
Hello,

i have a SLES 11 SP4 server behind a third party firewall. Now i have to tell the firewall maintainer which adresses and ports sles need to load updates and patches from the internet.
I want to use all features of yast (updates/patches AND registration on the SCC).

Can anyone help me? I found NOTHING about this topic.

thanks

ab
23-Aug-2016, 10:47
The patches all come in via HTTPS, so I believe TCP 443 is the only port
that SLES will access, and that would be a solicited response, so no
unsolicited inbound ports need to be open on your SLES box.

Which addresses... well patches come from a content distribution network,
so I do not know exactly how precise that can be. Maybe somebody else does.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

cr_ibix
23-Aug-2016, 12:33
Thank you very much. Maybe you know the domain the CDN have? Maybe all servers are reachable under https://*.suse.com/* or soemthing like this?

ab
23-Aug-2016, 13:33
Section 4.3 of the SUSE Mahager documentation
https://www.suse.com/documentation/suse-manager-3/singlehtml/suse_manager21/book_susemanager_install/book_susemanager_install.html#sec.manager.inst.set up
has the following information:



Note: Accessing SCC scc.suse.com

scc.suse.com uses proxy technologies to provide a fast download service
world-wide. Depending on the location, the real hostname and the IP
address is different.

To correctly setup company firewalls, to allow access to the repositories,
check which proxy you are using with the following command:

nslookup scc.suse.com


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...