• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5605
  • Last Modified:

Sonicwall port forwarding 1433 - Allow access from a single WAN ip for SQL server

I've got a Sonicwall TZ 210, running enhanced firmware at my Nevada office.

I have a data center in California that has an IIS server that needs to connect to a SQL server in my Nevada office via port 1433. I have forwarded port 1433 using the public server wizard in my Sonicwall at my Nevada office.

I don't want to allow everybody to be able to see port 1433 as open, as I'll get a ton of people trying to hack my server. I'd like to restrict access to that port so only my public ip address at my CA office can access the SQL server at my NV office over port 1433.

There's gotta be some way to restrict the access by changing the "ANY" on the firewall rule...  I'm just not sure which part of the rule to change.

Thanks!
0
Wetjet
Asked:
Wetjet
  • 2
  • 2
2 Solutions
 
tjc123IT DirectorCommented:
Identify the external IP address assigned to your IIS server in your datacenter in California or figure out what your Nevada Sonicwall should expect to see when this server requests access to your SQL server.
Create an address object (Network - Address Objects - Add) for the external IP of your datacenter IIS server and choose WAN as the Zone Assignment and Host as the type.
Create an address object (Network - Address Objects - Add) for the internal IP of your Nevada SQL server and choose LAN as the Zone Assignment and Host as the type.
Create a firewall access rule (Firewall - Access Rules - Add) with the following settings.
Action:  Allow
From Zone:  WAN
To Zone:  LAN
Service:  SQL
Source:  (choose the address object you created for the IIS server)
Destination:  (choose the address object you created for the SQL server)
Leave the rest of the settings at default and click OK

Make sure to move this setting to the top of your list inside the Firewall - Access Rules - Matrix - WAN->LAN page by clicking the little up and down arrows at the right of the rule you created.
0
 
WetjetAuthor Commented:
Thank you for your reply.
I've followed your instructions but I have a question. From my Nevada SQL server, if I visit one of those open port check websites, like canyouseeme.org, after implementing this, aren't they suppose to tell me that port 1433 is closed? They shouldn't be able to see that I have port 1433 open since they aren't part of my "allowed" IP addresses.... right?

Thanks!
0
 
tjc123IT DirectorCommented:
That's correct, because you are only allowing traffic from your California IIS server.

Edit:  it may say that the port is open, but no traffic can get in other than your IIS server.
0
 
WetjetAuthor Commented:
Thank you for the fast reply!
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now