Problem connecting to SQL hosted behind ISA server firewall
Posted on 2006-05-03
I have a Citrix farm using public IP's. On my servers I have a 3rd party app that connects to their external hosted SQL server on Port 80. This is working fine. When I enable NAT on my firewall and attempt to connect to this same app it works fine initially but once my farm gets busy and usage of the app picks up I lose connection to the SQL server. I am unable to ping it or connect to it. No communication with it whatsoever. All other services run fine in this NAT config.
If I change my NAT public IP I can again communicate with the external server on Port 80 for a brief period but once usage picks up I can't connect again.
When I bypass my firewall and connect a workstation directly to my ISP's router/gateway using one of the non-working IP addresses it still doesn't work. If I change to an unused IP it works.
I have used a couple different Watchguard Fireboxes. Most recently the Firebox III. I just found out our SQL host is using Microsoft ISA server/firewall -- not sure which version yet.
It seems to me that at some point as my usage perks up something on the ISA box/firewall is misinterpreting the traffic from my IP address as an attack of some sort -- even though it is coming over Port 80 -- and automatically blocking us? I am not too familiar with ISA server settings/features. Am I totally off-base here? Is there something I can tell my hosting company to check/do to verify this? At this point they are suggesting it is a misconfig on my NAT but I can replicate the problem with a "blocked" IP even when I bypass my firewall/NAT.