Sonicwall port forwarding 1433 - Allow access from a single WAN ip for SQL server

Posted on 2013-02-04
Last Modified: 2013-02-04
I've got a Sonicwall TZ 210, running enhanced firmware at my Nevada office.

I have a data center in California that has an IIS server that needs to connect to a SQL server in my Nevada office via port 1433. I have forwarded port 1433 using the public server wizard in my Sonicwall at my Nevada office.

I don't want to allow everybody to be able to see port 1433 as open, as I'll get a ton of people trying to hack my server. I'd like to restrict access to that port so only my public ip address at my CA office can access the SQL server at my NV office over port 1433.

There's gotta be some way to restrict the access by changing the "ANY" on the firewall rule...  I'm just not sure which part of the rule to change.

Thanks!
Question by:Wetjet
Accepted Solution

by:tjc123
tjc123 earned 2000 total points
ID: 38852739
1. Identify the external IP address assigned to your IIS server in your datacenter in California or figure out what your Nevada Sonicwall should expect to see when this server requests access to your SQL server.
2. Create an address object (Network - Address Objects - Add) for the external IP of your datacenter IIS server and choose WAN as the Zone Assignment and Host as the type.
3. Create an address object (Network - Address Objects - Add) for the internal IP of your Nevada SQL server and choose LAN as the Zone Assignment and Host as the type.
4. Create a firewall access rule (Firewall - Access Rules - Add) with the following settings:
   Action:  Allow
   From Zone:  WAN
   To Zone:  LAN
   Service:  SQL
   Source:  (choose the address object you created for the IIS server)
   Destination:  (choose the address object you created for the SQL server)
   Leave the rest of the settings at default and click OK.

Make sure to move this setting to the top of your list inside the Firewall - Access Rules - Matrix - WAN->LAN page by clicking the little up and down arrows at the right of the rule you created.
Author Comment

by:Wetjet
ID: 38853077
Thank you for your reply.
I've followed your instructions but I have a question. From my Nevada SQL server, if I visit one of those open port check websites, like canyouseeme.org, after implementing this, aren't they supposed to tell me that port 1433 is closed? They shouldn't be able to see that I have port 1433 open since they aren't part of my "allowed" IP addresses.... right?

Thanks!
Assisted Solution

by:tjc123
tjc123 earned 2000 total points
ID: 38853091
That's correct, because you are only allowing traffic from your California IIS server.

Edit:  it may say that the port is open, but no traffic can get in other than your IIS server.
Author Closing Comment

by:Wetjet
ID: 38853173
Thank you for the fast reply!
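
Added example, not part of the thread and not SonicWall code: a simplified Python model of the WAN->LAN rule table discussed above, assuming top-down first-match evaluation with an implicit deny. It shows what a port check from an unlisted address would hit when the wizard's Any-source rule is still below the restricted rule, and after that rule is removed. The rule names and IP addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    source: ipaddress.IPv4Network    # ANY or a single host (/32)
    port: int                        # destination TCP port

def evaluate(rules, src_ip, port):
    """Return (action, rule name) of the first rule matching src_ip/port, top-down."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.port == port and src in rule.source:
            return rule.action, rule.name
    return "deny", "implicit WAN->LAN deny"

def any_source_allows(rules, port):
    """Names of allow rules that still expose the port to every WAN address."""
    return [r.name for r in rules
            if r.action == "allow" and r.port == port and r.source == ANY]

# Constructed sample addresses (documentation ranges), not values from the thread.
CA_IIS = "203.0.113.10"         # stands in for the California IIS server's public IP
PORT_CHECKER = "198.51.100.77"  # stands in for any unlisted host, e.g. a port-check site

restricted = Rule("IIS-to-SQL", "allow", ipaddress.ip_network(CA_IIS + "/32"), 1433)
wizard = Rule("wizard Any-to-SQL", "allow", ANY, 1433)

BEFORE = [restricted, wizard]   # new rule moved to the top, wizard rule left in place
AFTER = [restricted]            # wizard rule deleted or disabled

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for who, ip in (("CA IIS", CA_IIS), ("port checker", PORT_CHECKER)):
            print(label, who, evaluate(table, ip, 1433))
        print(label, "Any-source allow rules:", any_source_allows(table, 1433))
```
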
Question has a verified solution.