Solved

SQL ports

Posted on 2014-12-20
10
87 Views
Last Modified: 2015-07-12
I'm in need to lock down communication from our web server to the sql server, and I'm having a hard time to lock down the ports. The web server is establishing a connection via 192.168.10.200:49528 to the SQL how can I SQL to be available only through 1433?
0
Comment
Question by:jdff
10 Comments
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40511108
<<how can I SQL to be available only through 1433?>>
Disable all protocols but TCPIP.  Disable SQL Browser Service.
0
 

Author Comment

by:jdff
ID: 40511267
Can you provide me instructions on how to do it?
0
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40511393
It is very simple.

Go onto SQL Manager/  Select Right Click and Disable
Disable SQL Browser:  SQL Browser is a service running on 1434 aiming at resolving non TCIP IP access.  Simply identify the service on SQL Manager, right click and disable from the pop up menu.  

Note the server won't be accessible anymore using Shared Pipes anymore once you do that.
0
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40511394
Sorry by "SQL Manager" I meant "SQL Config Manager "  It is a program you will find in your SQL Server menu.
0
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40511405
Shortcut is the following for opening the program(simply type in): SQLSERVERMANAGER11.msc (SQL 2012)
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 68

Expert Comment

by:Qlemo
ID: 40511580
Is there more than one SQL Server on 192.168.10.200? Because MSSQL only chooses a different port from 1433 if that port is used already.
If port 1433 is unused, than you can set up a fixed port in the SQL Config Manager in TCP/IP properties, in the region of IPAll.
0
 
LVL 23

Accepted Solution

by:
Racim BOUDJAKDJI earned 500 total points
ID: 40511602
<<Is there more than one SQL Server on 192.168.10.200? Because MSSQL only chooses a different port from 1433 if that port is used already.>>
On single instance, generally installed as a default instance (vs named instance) only 1433 is activated by default for TCP IP.  By default also, SQL Server will attempt to resolve  connectivity thanks to the Browser Service using UDP port 1434.  To be sure the client connects only through TCP IP, it is good practice to switch off Browser Service protocols and service and change the port from 1433 to something else.  One can then connect by entering the IP followed by a comma as 243.35.37.347, 3544.  One can finally either specify a local alias on that port or directly enter a new entry in a DNS routing scheme in centralized DNS.

<<If port 1433 is unused, than you can set up a fixed port in the SQL Config Manager in TCP/IP properties, in the region of IPAll.>>
Actually, one can specify as many ports as necessary by entering each port separated by a comma.
0
 
LVL 46

Expert Comment

by:Vitor Montalvão
ID: 40512718
Can you provide more information?
How many SQL Server instances are installed in the server? And versions and editions of each instance?
Also, disabling SQL Server Browser service isn't a good idea. Your applications may stops working.
The best thing you can do is check in the SQL Server Configuration Manager if the MSSQL instance is using dynamic port or not. If it is, just change it to use a static port. You can set it providing a port number that isn't in use by another MSSQL instance or application.
0
 
LVL 23

Expert Comment

by:Racim BOUDJAKDJI
ID: 40512872
<<Your applications may stops working.>>
True thanks for the word of caution.  I should have mentioned that I assumed this is an OFFLINE operation so apologies if disabling shared pipes created any problem.

As the OP mentioned he needs to lockdown access from the front web server so if we can assume this is OFFLINE operation just do as I said.  If not, the OP will have to work with Shared Pipes activated.  

In any case, any change in TCP IP configuration will require a service restart and get you to the OFFLINE status.  This kind of changes are better done OFFLINE.
0
 

Author Comment

by:jdff
ID: 40540949
I'm going to make the restriction this week and let you guys know, thanks for the help so far.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
network error 8 35
Sonicwall blocks a site 49 56
T-SQL: "SELECT TOP 100 PERCENT" is not as easy to use as the books make it out to be!!! 5 23
Sql Count with Select Distinct 4 27
Introduction SQL Server Integration Services can read XML files, that’s known by every BI developer.  (If you didn’t, don’t worry, I’m aiming this article at newcomers as well.) But how far can you go?  When does the XML Source component become …
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now