This network diagram shows server placement and firewall configuration for the following supported scenario for Internet-based client management in Configuration Manager 2007:

If you have a server running the software update point role that needs to synchronize software update metadata with an active software update point in the parent site, Configuration Manager synchronizes the software updates metadata with a connection from this server to the active software update point and most connections will use HTTPS. However, when the software updates metadata has associated license terms (for example, if the software update is a service pack), the connection uses HTTP. To avoid these in-bound connections from the perimeter network to the intranet, use the export and import method of synchronizing the software updates as described in the following topic: How to Synchronize Updates Using Export and Import.

Internet-based diagram: Scenario 2a

See Also