Due to PCI compliance, I am not segmenting my point of sale computers onto their own LAN and must block all internet traffic except the traffic that is needed by the card holder data network. I have blocked all access except for a couple of specific IP's that are needed. My last concern is how do I allow windows updates and AV updates to occur? I am either going to use Norton 360 or Microsoft Security Essentials. Allowing the windows updates has proven quite difficult.