5

I work for a small IT company that fixes mostly Windows computers, and lately we have a huge issue with Windows 10 updates.

When a new computer enters our network and starts downloading updates, it blocks internet for every other PC.

I've read that this is because of the new P2P mode, and if I manually disable that, in fact, it works.

But I can't manually disable a setting on every client PC every time a new customer brings his PC.

Is there a way to block this behaviour with a firewall? I'm running Ubuntu Server with FireHOL to manage internet inside my network, and currently I haven't set up any QoS, since we have plenty of bandwidth and when we download something on a computer we would like to do that at full speed.

Any thoughts?

1 Answer

0

If it downloads via a non-SSL connection, you can set up a proxy cache like Squid.

Then you have a local server that won't go through the internet. Hopefully you have gigabit locally so it won't bog down your local network.


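Second, if you can place your client PCs on their own subnet, then:

    # eth0 (or whichever interface faces the client subnet); replace MS_SERVER with the IP/name of the MS update server
    iptables -A FORWARD -i eth0 -s 192.168.100.1 -d MS_SERVER -j DROP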


Set up your own PC with P2P for Windows 10 updates turned on, so that it fetches updates from there instead of going to the internet. You can use iptables IP/port forwarding to forcibly redirect said update traffic to your local Windows 10 PC with P2P turned on.


If you have separate subnets for client/work PCs, you can QoS just the appropriate subnet or just QoS the Microsoft update server.

cybernard
  • 14,924
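
The per-subnet QoS option from the answer above, written out with `tc` HTB as an added example (it is not part of the original answer). The interface name `eth1`, the `192.168.100.0/24` customer subnet and the rates are assumptions; the script prints the commands by default and applies them only when run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example: guarantee bandwidth to work PCs while customer PCs may still
# borrow the whole link when it is idle. All values below are assumptions.
LAN_IF="${LAN_IF:-eth1}"                      # router interface facing the LAN
CLIENT_NET="${CLIENT_NET:-192.168.100.0/24}"  # subnet for customer PCs
LINK_MBIT="${LINK_MBIT:-100}"     # set slightly below the real WAN downlink
CLIENT_MBIT="${CLIENT_MBIT:-20}"  # guaranteed share for customer PCs

# Print the tc commands. Downloads are shaped on egress of the LAN interface,
# so the filter matches on the destination address (the customer subnet).
qos_rules() {
    if [ "$CLIENT_MBIT" -ge "$LINK_MBIT" ]; then
        echo "CLIENT_MBIT must be lower than LINK_MBIT" >&2
        return 1
    fi
    work=$((LINK_MBIT - CLIENT_MBIT))
    cat <<EOF
tc qdisc del dev $LAN_IF root 2>/dev/null || true
tc qdisc add dev $LAN_IF root handle 1: htb default 10
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate ${LINK_MBIT}mbit
tc class add dev $LAN_IF parent 1:1 classid 1:10 htb rate ${work}mbit ceil ${LINK_MBIT}mbit
tc class add dev $LAN_IF parent 1:1 classid 1:20 htb rate ${CLIENT_MBIT}mbit ceil ${LINK_MBIT}mbit
tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $CLIENT_NET flowid 1:20
EOF
}

# Class 1:10 (default) carries everything not sent to the customer subnet.
# Class 1:20 is guaranteed CLIENT_MBIT and borrows up to the full link only
# when class 1:10 is not using its share.
if [ "${APPLY:-0}" = 1 ]; then
    qos_rules | sh -e
else
    qos_rules
fi
```

Check the result with `tc -s class show dev eth1` while a customer PC is updating; the byte counters of class 1:20 should be the ones growing.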