Sonicwall port forwarding 1433 - Allow access from a single WAN ip for SQL server

Posted on 2013-02-04
Last Modified: 2013-02-04
I've got a Sonicwall TZ 210, running enhanced firmware at my Nevada office.

I have a data center in California that has an IIS server that needs to connect to a SQL server in my Nevada office via port 1433. I have forwarded port 1433 using the public server wizard in my Sonicwall at my Nevada office.

I don't want to allow everybody to be able to see port 1433 as open, as I'll get a ton of people trying to hack my server. I'd like to restrict access to that port so only my public ip address at my CA office can access the SQL server at my NV office over port 1433.

There's gotta be some way to restrict the access by changing the "ANY" on the firewall rule...  I'm just not sure which part of the rule to change.

Thanks!
Question by:Wetjet
Accepted Solution

by:
tjc123 earned 2000 total points
ID: 38852739
Identify the external IP address assigned to your IIS server in your datacenter in California or figure out what your Nevada Sonicwall should expect to see when this server requests access to your SQL server.
Create an address object (Network - Address Objects - Add) for the external IP of your datacenter IIS server and choose WAN as the Zone Assignment and Host as the type.
Create an address object (Network - Address Objects - Add) for the internal IP of your Nevada SQL server and choose LAN as the Zone Assignment and Host as the type.
Create a firewall access rule (Firewall - Access Rules - Add) with the following settings.
Action:  Allow
From Zone:  WAN
To Zone:  LAN
Service:  SQL
Source:  (choose the address object you created for the IIS server)
Destination:  (choose the address object you created for the SQL server)
Leave the rest of the settings at default and click OK

Make sure to move this setting to the top of your list inside the Firewall - Access Rules - Matrix - WAN->LAN page by clicking the little up and down arrows at the right of the rule you created.

Author Comment

by:Wetjet
ID: 38853077
Thank you for your reply.
I've followed your instructions but I have a question. From my Nevada SQL server, if I visit one of those open port check websites, like canyouseeme.org, after implementing this, aren't they supposed to tell me that port 1433 is closed? They shouldn't be able to see that I have port 1433 open since they aren't part of my "allowed" IP addresses.... right?

Thanks!

Assisted Solution

by:tjc123
tjc123 earned 2000 total points
ID: 38853091
That's correct, because you are only allowing traffic from your California IIS server.

Edit:  it may say that the port is open, but no traffic can get in other than your IIS server.
0
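Added example, not part of the original thread: a small model of top-down, first-match rule evaluation showing how the source-restricted rule interacts with the Any-source rule the question mentions. The rule layout, rule names and IP addresses are constructed for illustration (documentation ranges), not a SonicWall export format.

```python
import ipaddress

# Constructed rule tables (documentation IP ranges); the dict layout is a
# hypothetical model, not a SonicWall export format.
IIS_CA = "203.0.113.10"   # assumed public IP of the California IIS server
SQL_NV = "192.168.1.20"   # assumed LAN IP of the Nevada SQL server

WIZARD_RULE = {"name": "wizard: Any -> SQL", "action": "allow",
               "src": "0.0.0.0/0", "dst": SQL_NV, "port": 1433}
RESTRICTED_RULE = {"name": "IIS-CA -> SQL", "action": "allow",
                   "src": IIS_CA + "/32", "dst": SQL_NV, "port": 1433}
DEFAULT_DENY = {"name": "default WAN->LAN deny", "action": "deny",
                "src": "0.0.0.0/0", "dst": "any", "port": None}

def matches(rule, src, dst, port):
    """True when the packet falls inside the rule's source, destination and port."""
    in_src = ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
    in_dst = rule["dst"] in ("any", dst)
    in_port = rule["port"] in (None, port)
    return in_src and in_dst and in_port

def evaluate(rules, src, dst, port):
    """Top-down, first-match evaluation: return (action, rule name)."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule["action"], rule["name"]
    return "deny", "implicit"

def open_to_any(rules, port):
    """Names of allow rules that expose `port` to every source address."""
    return [r["name"] for r in rules
            if r["action"] == "allow" and r["port"] in (None, port)
            and ipaddress.ip_network(r["src"]).prefixlen == 0]

# Restricted rule moved to the top, Any-source rule still enabled underneath.
BOTH = [RESTRICTED_RULE, WIZARD_RULE, DEFAULT_DENY]
# Any-source rule removed (or its source changed from Any to the IIS object).
FIXED = [RESTRICTED_RULE, DEFAULT_DENY]

if __name__ == "__main__":
    other = "198.51.100.77"   # constructed: any host that is not the IIS server
    for label, table in (("both rules", BOTH), ("restricted only", FIXED)):
        print(label, evaluate(table, IIS_CA, SQL_NV, 1433),
              evaluate(table, other, SQL_NV, 1433), open_to_any(table, 1433))
```

In this model, a port-check result of "open" from an address outside the allowed object corresponds to a remaining Any-source allow rule for the same service, which `open_to_any` lists.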
 

Author Closing Comment

by:Wetjet
ID: 38853173
Thank you for the fast reply!
Question has a verified solution.
