Need outside port 1433 open - SBS2003 ISA2004

A vendor application at one of our SBS sites needs port 1433 access to the SBS2003 server.
SBS2003 has 2 nics and ISA2004 running to manage the traffic between.

SBS Lan side is 192.168.16.2
SBS Wan side is 10.0.0.5
Router is a Cisco RV042. We normally have port forwarding rules created for email etc. pointing to the WAN side NIC, i.e. 10.0.0.5.

I tried opening port 1433 to 10.0.0.5, but that wasn't enough to get the vendor on board.

I'm thinking an ISA rule may need to be created. Not being very proficient in ISA, if someone believes that to be the case, might it be possible to have a definitive description of the rule?

If it is something other than that, let me know.

Thanks
Bruce
Dave Baldwin (Fixer of Problems) commented:
"port 1433" is normally for Microsoft SQL Server.  Is it installed on that machine?
BBrayton (Author) commented:
SQL is installed on that machine. The application they are contemplating requires that the software vendor access it via the port.

Evidently it is partially on site, partially off site.
Rob Williams commented:
For the record, it is very unusual and very insecure to have port 1433 exposed to the internet. In the event it is required between sites, this is usually done via VPN, for security and to allow simultaneous access to other services such as DNS, port 80, and additional services for authentication.
BBrayton (Author) commented:
I may be able to lock down the source.

However, can you advise on the technique here to open that port in the dual-NIC situation, with or without ISA?
Keith Alabaster commented:
In the ISA GUI, instead of creating an access rule, create a non-web publishing rule. Select (or create, then select) a protocol for SQL using TCP port 1433 - 1433 (or whatever you want) inbound, select the external interface to listen on, and provide the internal IP address that you want the 1433 traffic to be forwarded to on the inside.
Apply the policy.
Job done.
Rob Williams commented:
If ISA is installed you will need to use the ISA tools to do so, but I am afraid I am not familiar enough with ISA. If ISA is not installed, it is open by default. In a two-NIC configuration RRAS is enabled, which disables the Windows Firewall. There is usually more to it than just enabling port 1433: you normally also need UDP port 1434, and you need to configure a listening port for SQL, as on a LAN it uses dynamically assigned ports, which is not an option for Internet use. Perhaps an ISA expert will join in with specifics, but as mentioned it is not a best practice.
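Both answers above assume the published SQL port will be reachable only from the vendor, which is what "lock down the source" means in practice. The following is an added example (not from this thread or any ISA tool) of a defender's check for that condition: it reads a simplified, constructed W3C-style firewall log export (the field order is an assumption, not ISA 2004's real format) and flags accepted connections to the published SQL ports on the WAN address 10.0.0.5 that did not originate from the assumed vendor address range.

```python
import ipaddress
from collections import Counter

# Constructed sample log, simplified W3C style (assumed layout, not real ISA output):
# date time client-ip dest-ip dest-port protocol action
SAMPLE_LOG = """\
2007-03-01 09:14:02 203.0.113.10 10.0.0.5 1433 TCP ALLOWED
2007-03-01 09:14:05 203.0.113.10 10.0.0.5 1434 UDP ALLOWED
2007-03-01 09:15:40 198.51.100.77 10.0.0.5 1433 TCP ALLOWED
2007-03-01 09:16:01 198.51.100.77 10.0.0.5 1433 TCP DENIED
2007-03-01 09:17:22 192.168.16.50 192.168.16.2 1433 TCP ALLOWED
"""

# Placeholder vendor range (assumption); the WAN address comes from the question.
VENDOR_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]
EXPOSED_PORTS = {(1433, "TCP"), (1434, "UDP")}   # TCP 1433 plus UDP 1434 per the thread
SBS_WAN_IP = ipaddress.ip_address("10.0.0.5")

def parse_line(line):
    """Split one log line into a record with typed fields."""
    date, time, src, dst, port, proto, action = line.split()
    return {"ts": f"{date} {time}", "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "port": int(port),
            "proto": proto, "action": action}

def is_vendor(ip):
    return any(ip in net for net in VENDOR_SOURCES)

def find_unexpected(log_text):
    """Return allowed SQL connections on the WAN interface from outside the vendor range."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dst"] != SBS_WAN_IP:
            continue  # LAN-side traffic is outside the scope of the publishing rule
        if (rec["port"], rec["proto"]) not in EXPOSED_PORTS:
            continue
        if rec["action"] == "ALLOWED" and not is_vendor(rec["src"]):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count offending connections per source address for a quick report."""
    return Counter(str(h["src"]) for h in hits)

if __name__ == "__main__":
    for src, n in summarize(find_unexpected(SAMPLE_LOG)).items():
        print(f"{src}: {n} allowed SQL connection(s) from outside the vendor range")
```

Denied attempts are deliberately ignored here; a second pass counting them per source is the natural extension if the rule is later tightened and you want to see who is still knocking.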
Rob Williams commented:
Speaking of ISA experts :-)
Sorry, I refreshed, but guess less than a minute apart.
Keith Alabaster commented:
Hey Rob - as you mentioned, crap approach compared to best practice, but I have given up trying to educate these days.... no one wants to listen to expert advice, they just want it to work and screw the security implications to their users, clients or own company data.
BBrayton (Author) commented:
Right on the money.
Rob Williams commented:
You sound frustrated :-) It's like beating your head against the wall, isn't it?
I don't blame BBrayton, it's the vendors of these apps: "all you need to do is...."
Keith Alabaster commented:
I don't blame anyone - just one of those things....
Dave Baldwin (Fixer of Problems) commented:
It's worse. We've had a couple of questions where the vendor simply says that their app works and it's up to you to "fix your network". And... "No, we're not going to help you."