How to Patch VPN and ON_prem device if only on Primary Server
We have one Data center and configure our Primary Server (DP, MP,SUP,FSP) role on that box. We have 4 Sites and they got all windows updates from Primary server . Everything works fine but after Covid19; user are working from home. We were patching VPN workstation and ask to connect VPN on weekend; patching was happening fine but suddenly network bandwith start chocking. We have enabled split tunneling and select option so VPN Client donwload only from microsoft not their Local DP.
Our problem is how to provide patch to VPN and on-prem devices.
if we don’t download the Monthly patch and enable check box to download from microsoft so everything goes well with VPN device but our on-perm client not able to download anything.
please suggest me how to work on this isuse to provide patch to on-prem and vpn client.
1) should we create Software update group and no download from Microsoft. Deploy this SUG to VPN device and select (if software updates are not available on DP in current, neighbor or site boundary group, download from Microsoft updates.
2) Create another Software update Group and download. Deploy this to on-perm device