Solved

Sonicwall port forwarding 1433 - Allow access from a single WAN IP for SQL server

Posted on 2013-02-04
Last Modified: 2013-02-04
I've got a Sonicwall TZ 210, running enhanced firmware at my Nevada office.

I have a data center in California that has an IIS server that needs to connect to a SQL server in my Nevada office via port 1433. I have forwarded port 1433 using the public server wizard in my Sonicwall at my Nevada office.

I don't want to allow everybody to be able to see port 1433 as open, as I'll get a ton of people trying to hack my server. I'd like to restrict access to that port so only my public IP address at my CA office can access the SQL server at my NV office over port 1433.

There's gotta be some way to restrict the access by changing the "ANY" on the firewall rule...  I'm just not sure which part of the rule to change.

Thanks!
Question by:Wetjet

Accepted Solution

by:tjc123
ID: 38852739
Identify the external IP address assigned to your IIS server in your datacenter in California or figure out what your Nevada Sonicwall should expect to see when this server requests access to your SQL server.
Create an address object (Network - Address Objects - Add) for the external IP of your datacenter IIS server and choose WAN as the Zone Assignment and Host as the type.
Create an address object (Network - Address Objects - Add) for the internal IP of your Nevada SQL server and choose LAN as the Zone Assignment and Host as the type.
Create a firewall access rule (Firewall - Access Rules - Add) with the following settings.
Action:  Allow
From Zone:  WAN
To Zone:  LAN
Service:  SQL
Source:  (choose the address object you created for the IIS server)
Destination:  (choose the address object you created for the SQL server)
Leave the rest of the settings at default and click OK

Make sure to move this setting to the top of your list inside the Firewall - Access Rules - Matrix - WAN->LAN page by clicking the little up and down arrows at the right of the rule you created.

Author Comment

by:Wetjet
ID: 38853077
Thank you for your reply.
I've followed your instructions but I have a question. From my Nevada SQL server, if I visit one of those open port check websites, like canyouseeme.org, after implementing this, aren't they supposed to tell me that port 1433 is closed? They shouldn't be able to see that I have port 1433 open since they aren't part of my "allowed" IP addresses... right?

Thanks!

Assisted Solution

by:tjc123
ID: 38853091
That's correct, because you are only allowing traffic from your California IIS server.

Edit:  it may say that the port is open, but no traffic can get in other than your IIS server.

Author Closing Comment

by:Wetjet
ID: 38853173
Thank you for the fast reply!
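
An added example, not part of the original thread and not SonicOS code: a simplified first-match model of the WAN->LAN rule list, showing why a port-check site can still report 1433 as open if the wizard-created rule with source "Any" is left below the new restricted rule. The addresses, rule names and the implicit-deny default are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample addresses (documentation/private ranges), not from the thread.
IIS_PUBLIC = "203.0.113.10"   # California IIS server's public IP
SQL_LAN = "192.168.1.20"      # Nevada SQL server's internal IP
OUTSIDER = "198.51.100.7"     # any other Internet host, e.g. a port-check site

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    source: ipaddress.IPv4Network    # ANY or a single host as /32
    dest: str
    port: int

def first_match(rules, src, dest, port):
    """Walk the list top-down; the first matching rule decides."""
    for rule in rules:
        if (ipaddress.ip_address(src) in rule.source
                and dest == rule.dest and port == rule.port):
            return rule
    return None  # assumption: nothing matched means WAN->LAN traffic is dropped

def is_allowed(rules, src, dest=SQL_LAN, port=1433):
    rule = first_match(rules, src, dest, port)
    return rule is not None and rule.action == "allow"

def any_source_allows(rules, dest=SQL_LAN, port=1433):
    """Allow rules for dest:port that still accept every source address."""
    return [r.name for r in rules
            if r.action == "allow" and r.source == ANY
            and r.dest == dest and r.port == port]

wizard_rule = Rule("wizard: Any -> SQL", "allow", ANY, SQL_LAN, 1433)
iis_rule = Rule("IIS -> SQL", "allow",
                ipaddress.ip_network(IIS_PUBLIC + "/32"), SQL_LAN, 1433)

restricted_on_top = [iis_rule, wizard_rule]   # new rule added, Any rule left in place
restricted_only = [iis_rule]                  # Any rule removed or its source narrowed

if __name__ == "__main__":
    for label, rules in (("on top", restricted_on_top), ("only", restricted_only)):
        print(label, "outsider allowed:", is_allowed(rules, OUTSIDER),
              "| Any-source rules:", any_source_allows(rules))
```

In this model, moving the restricted rule to the top does not block other sources by itself; the outsider is only dropped once no allow rule with source Any remains for the SQL service.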