Points of My Scenario:
1. I need to deploy SCCM 2012 in a Windows Server 2008 R2 domain.
2. Many clients reside behind the firewall, although most are in the non-firewalled network
3. i am using SCCM to deploy Software Updates, for both firewalled clients and non-firewalled clients
4. My firewall is configured to have only ONE IP address with port 80 (http) traffic allowed
5. I plan to use that IP for the SCCM Site server
6. I plan to put WSUS on a separate server (i.e. different IP)
CONCERN: If clients require http access (port 80) to WSUS, then firewall clients will fail to get updates.
QUESTION: Do SCCM clients need to communicate to WSUS in order to get the software updates?