Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Sonicwall port forwarding 1433 - Allow access from a single WAN ip for SQL server

Posted on 2013-02-04
4
4,767 Views
Last Modified: 2013-02-04
I've got a Sonicwall TZ 210, running enhanced firmware at my Nevada office.

I have a data center in California that has an IIS server that needs to connect to a SQL server in my Nevada office via port 1433. I have forwarded port 1433 using the public server wizard in my Sonicwall at my Nevada office.

I don't want to allow everybody to be able to see port 1433 as open, as I'll get a ton of people trying to hack my server. I'd like to restrict access to that port so only my public ip address at my CA office can access the SQL server at my NV office over port 1433.

There's gotta be some way to restrict the access by changing the "ANY" on the firewall rule...  I'm just not sure which part of the rule to change.

Thanks!
0
Comment
Question by:Wetjet
  • 2
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
tjc123 earned 500 total points
ID: 38852739
Identify the external IP address assigned to your IIS server in your datacenter in California or figure out what your Nevada Sonicwall should expect to see when this server requests access to your SQL server.
Create an address object (Network - Address Objects - Add) for the external IP of your datacenter IIS server and choose WAN as the Zone Assignment and Host as the type.
Create an address object (Network - Address Objects - Add) for the internal IP of your Nevada SQL server and choose LAN as the Zone Assignment and Host as the type.
Create a firewall access rule (Firewall - Access Rules - Add) with the following settings.
Action:  Allow
From Zone:  WAN
To Zone:  LAN
Service:  SQL
Source:  (choose the address object you created for the IIS server)
Destination:  (choose the address object you created for the SQL server)
Leave the rest of the settings at default and click OK

Make sure to move this setting to the top of your list inside the Firewall - Access Rules - Matrix - WAN->LAN page by clicking the little up and down arrows at the right of the rule you created.
0
 

Author Comment

by:Wetjet
ID: 38853077
Thank you for your reply.
I've followed your instructions but I have a question. From my Nevada SQL server, if I visit one of those open port check websites, like canyouseeme.org, after implementing this, aren't they suppose to tell me that port 1433 is closed? They shouldn't be able to see that I have port 1433 open since they aren't part of my "allowed" IP addresses.... right?

Thanks!
0
 
LVL 5

Assisted Solution

by:tjc123
tjc123 earned 500 total points
ID: 38853091
That's correct, because you are only allowing traffic from your California IIS server.

Edit:  it may say that the port is open, but no traffic can get in other than your IIS server.
0
 

Author Closing Comment

by:Wetjet
ID: 38853173
Thank you for the fast reply!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonicwall Web User login Redirect 9 70
ASE reports it as spam 2 599
Help with a redirect in web.config file 8 56
Upgrading from Sonicwall Tz210 6 10
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question