jdff
asked on
SQL ports
I need to lock down communication from our web server to the SQL server, and I'm having a hard time locking down the ports. The web server is establishing a connection via 192.168.10.200:49528 to the SQL. How can I get SQL to be available only through 1433?
ASKER
Can you provide me instructions on how to do it?
It is very simple.
Go onto SQL Manager/ Select Right Click and Disable
Disable SQL Browser: SQL Browser is a service running on 1434 aiming at resolving non TCP/IP access. Simply identify the service in SQL Manager, right-click and disable it from the pop-up menu.
Note the server won't be accessible using Shared Pipes anymore once you do that.
Sorry, by "SQL Manager" I meant "SQL Config Manager". It is a program you will find in your SQL Server menu.
The shortcut for opening the program is the following (simply type it in): SQLSERVERMANAGER11.msc (SQL 2012)
Is there more than one SQL Server on 192.168.10.200? Because MSSQL only chooses a different port from 1433 if that port is used already.
If port 1433 is unused, then you can set up a fixed port in the SQL Config Manager in TCP/IP properties, in the region of IPAll.
Can you provide more information?
How many SQL Server instances are installed on the server? And what are the versions and editions of each instance?
Also, disabling the SQL Server Browser service isn't a good idea. Your applications may stop working.
The best thing you can do is check in the SQL Server Configuration Manager whether the MSSQL instance is using a dynamic port or not. If it is, just change it to use a static port. You can set it by providing a port number that isn't in use by another MSSQL instance or application.
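The check described in the reply above can also be done from PowerShell. This is an added example, not part of the original thread: it assumes it runs elevated on the SQL Server host, that the instances use the default registry layout (64-bit instances under `HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server`), and that `Get-NetTCPConnection` is available (Windows Server 2012 or later).

```powershell
# Added example: report the IPAll port settings of each local SQL Server
# instance (the same values SQL Server Configuration Manager shows under
# TCP/IP properties) and the TCP ports the engine is actually listening on.
$root     = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$namesKey = Join-Path $root 'Instance Names\SQL'
$metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

if (-not (Test-Path $namesKey)) {
    Write-Warning 'No Database Engine instances are registered on this machine.'
    return
}

$report = foreach ($prop in (Get-ItemProperty -Path $namesKey).PSObject.Properties) {
    if ($prop.Name -in $metadata) { continue }      # skip registry provider metadata
    # $prop.Name is the instance name, $prop.Value its instance ID
    $ipAll = Join-Path $root "$($prop.Value)\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"
    if (-not (Test-Path $ipAll)) { continue }

    $tcp     = Get-ItemProperty -Path $ipAll
    $static  = "$($tcp.TcpPort)".Trim()
    $dynamic = "$($tcp.TcpDynamicPorts)".Trim()

    [pscustomobject]@{
        Instance    = $prop.Name
        StaticPort  = $static
        DynamicPort = $dynamic
        Setting     = if ($static -and $dynamic) { 'both set, clear one' }
                      elseif ($dynamic)          { 'dynamic' }
                      elseif ($static)           { 'static' }
                      else                       { 'unset' }
    }
}
$report | Format-Table -AutoSize

# Cross-check against what the running engine processes are listening on.
$sqlPids = (Get-Process -Name sqlservr -ErrorAction SilentlyContinue).Id
if ($sqlPids) {
    Get-NetTCPConnection -State Listen -OwningProcess $sqlPids |
        Select-Object LocalAddress, LocalPort, OwningProcess |
        Sort-Object LocalPort |
        Format-Table -AutoSize
}
```

An instance reported as `dynamic` is the case the reply describes; after switching it to a static port and restarting the service, the listener table should show only that port.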
<<Your applications may stop working.>>
True, thanks for the word of caution. I should have mentioned that I assumed this is an OFFLINE operation, so apologies if disabling shared pipes created any problem.
As the OP mentioned, he needs to lock down access from the front web server, so if we can assume this is an OFFLINE operation, just do as I said. If not, the OP will have to work with Shared Pipes activated.
In any case, any change in TCP/IP configuration will require a service restart and get you to the OFFLINE status. These kinds of changes are better done OFFLINE.
ASKER
I'm going to make the restriction this week and let you guys know, thanks for the help so far.
Disable all protocols but TCP/IP. Disable SQL Browser Service.