• Status: Solved

IIS Server to internal SQL Server - Works with cross over, doesn't work in DMZ.

Configuration:
1) In a test environment I have an IIS Server (running MS Web Ed 2003) in a DMZ.
2) I have my laptop connected to the WAN port of the firewall, pretending to be an Internet customer.
3) On the LAN port of my firewall I have my SQL 2005 server waiting for requests.
4) I have updated both the Web Server and SQL server with the appropriate routing statements

Event:
When I connect to my webserver using my laptop, I get my webpage and I begin to login and request information that will send a request to my SQL database.  

Problem:
1) When I leave the IIS server connected to the DMZ and program the firewall to allow all ports and services through, the data from the SQL server times out.
2) If I put a crossover cable between the IIS server and the SQL server (changing the IP address to match the same segment of course) then it works fine.  The data being displayed works great.

I've called the firewall support line and they had me do some packet captures, and the only thing we see are SQL handshakes. The packets are entering and exiting the firewall as they should, so support is saying it's not the firewall (using other tools to show this).

Support is saying I'm pretty much on my own....  Where else do I go?  (Experts Exchange.. of course)
Thanks in advance.
--LANMAN
Asked by: LANMAN_TA
jrm213 Commented:
Hi,

Ok, so it sounds like you have this situation

|laptop| (WAN)
     |
|firewall| --- |SQL Server| (LAN)
     |
|webserver|(DMZ of Firewall)


Are you connecting from the webserver to the sql server with Integrated Security or SQL Server Security?


 
LANMAN_TA (Author) Commented:
SQL Server Security.

--LANMAN
 
jrm213 Commented:
If you plug your laptop into the DMZ, can you connect to the SQL Server via Enterprise tools?
 
LANMAN_TA (Author) Commented:
Sorry to keep you waiting.. I will test this and post the results.

--LANMAN
 
LANMAN_TA (Author) Commented:
Found the problem:
The embedded NICs that come with most Dells are Broadcom. The drivers by default didn't play well with the TCP/IP stack as the traffic was coming back to the webserver. It would just kill the connection on a 4Meg+ file (anything 3.99meg or less would work just fine).
We just bypassed the Broadcom with a good ol' 3Com NIC and all is well.

After all the research, it wasn't the firewall. *sigh

--LANMAN
 
Vee_Mod Commented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator