Open port?

  • Almost all our SQL servers are behind a firewall. We have in-house developed applications using these SQL servers.

    But I heard today from one of our developers that one SQL server is set up exposed to the outside, since the web application is accessed externally by parents of students. I don't quite understand what that means; now we need to set up a new SQL server like that.

    What do I need to do?

    The developer told me that with his application connection string, it can access the old server, but not the new server.

    Do I need to open port 1433 in order for the application string to connect?

    But I know we have another SQL server used for web applications for parents, and I didn't open the port.

    What is the difference?

    On exactly what occasions do we need to open the port to the outside firewall?

    Thanks

  • Existing server on a VLAN which is not behind the firewall?

    Yes, you will need to open the port SQL runs on, and if it's a dynamic port, set it to a static port and open the browser port as well so it can direct the traffic as needed.

  • That SQL server should not be exposed to the internet, but simply accessible to the web server; only the web server would have an outward-facing IP.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • The SQL server is behind the firewall.

    The developer said the web server is outside of the firewall. (I doubt whether this is right or not.)

    Should the web server be outside the firewall if we want external people like parents to access it?

    If the web server is outside the firewall and the SQL server is inside the firewall, do we need to do something like open port 1433 through the firewall?

    I am a little confused about the security.

    Thanks

  • Hard to give any good advice; so many details will have to be found out.

    The web server is probably in its own DMZ, on a different subnet than the normal LAN; we had a setup like that where we added a VPN from the web server to access a different SQL server than the one that exists inside the DMZ; you could look into doing something similar.

    Lowell



  • sqlfriends (8/7/2012)


    The SQL server is behind the firewall.

    The developer said the web server is outside of the firewall. (I doubt whether this is right or not.)

    Should the web server be outside the firewall if we want external people like parents to access it?

    If the web server is outside the firewall and the SQL server is inside the firewall, do we need to do something like open port 1433 through the firewall?

    I am a little confused about the security.

    Thanks

    You can put both the webserver and the SQL server on the internal network; with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

    Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the SQL Server instance port to something non-standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • [quote]You can put both the webserver and the SQL server on the internal network; with this configuration you would need to employ a reverse proxy. This can be quite secure and provide good performance when set up correctly.

    Putting the webserver outside the internal LAN in your DMZ is a typical configuration and would require TCP ports to be opened. If you're smart you'll change the SQL Server instance port to something non-standard and use the IP\port in the webserver connection string. This will negate the need to open the SQL Server browser ports.[/quote]

    This explains it clearly, thanks.

    We have a SQL Server 2000 on Windows Server 2003 configured like that. How can I check on it what port is configured, and see if it is opened through the firewall?

  • You're using SQL Server 2000?


  • We are using SQL Server 2008 and R2.

    But we have only one 2000 server, which has some applications developed using Java.

    And we want to migrate the database to a 2008 server.

    I would like to set up a server with port opening configured like the old one.

    So I would like to know how to check that on the old server.

  • For SQL Server 2000 you need to use the Client Network Utility to check the port number. You could also use the netstat command to identify which port the SQL instance is listening on:

    netstat -an


  • Thanks, I see it has a tcp/ip port of 1433.

    But how can I know this port is opened through firewall?

  • sqlfriends (8/7/2012)


    Thanks, I see it has a tcp/ip port of 1433.

    But how can I know this port is opened through firewall?

    Get your firewall admin to check the rules 😉
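
An added example, not part of the thread: alongside the firewall admin's rule review, a single TCP connection attempt made from the machine whose access matters shows what the rules do in practice. The host address, the vantage names and the `EXPECTED` policy (only the DMZ web server may reach the SQL port) are assumptions for illustration.

```python
import socket

SQL_PORT = 1433  # the port netstat reported in this thread


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connect and classify the outcome.

    'open'     - handshake completed: a listener is reachable from here
    'refused'  - an RST came back: host reached with no listener, or a
                 firewall that actively rejects
    'filtered' - no answer or unreachable: typical of a firewall drop rule
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and "no route to host"
        return "filtered"
    finally:
        sock.close()


# Assumed policy: what each vantage point should see when only the
# web server is allowed through to the SQL Server port.
EXPECTED = {
    "dmz-webserver": {"open"},
    "internet": {"filtered", "refused"},
}


def assess(vantage, state):
    """Return (ok, message) comparing a probe result with the intended rule."""
    ok = state in EXPECTED[vantage]
    verdict = "matches" if ok else "DOES NOT match"
    return ok, f"from {vantage}: port is {state}, which {verdict} the intended rule"


if __name__ == "__main__":
    # Placeholder address (RFC 5737 documentation range); replace with the
    # SQL Server's IP and set VANTAGE to where this script is being run.
    SQL_HOST, VANTAGE = "192.0.2.10", "dmz-webserver"
    print(assess(VANTAGE, probe_tcp(SQL_HOST, SQL_PORT))[1])
```

Run it once on the web server and once from a host outside the network: "open" from the web server and "filtered" from outside is the result that matches a rule scoped to the web server only.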


  • I checked with a network admin; he emailed me:

    The web server is in a DMZ that is outside the firewall.

    Then he set up the firewall to expose the SQL server to the internet-hosted web server.

    I don't see anything done from the SQL server end.

    I wonder if it is a good approach, as I don't know about Windows Firewall.

  • sqlfriends (8/8/2012)


    I don't see anything done from SQL server end.

    You won't.

    sqlfriends (8/8/2012)


    I wonder if it is a good approach, as I don't know about windows firewall.

    Nothing to do with Windows Firewall; there is almost certainly a dedicated hardware firewall which has had a rule applied to allow traffic over a port\ports from point A to point B.


  • Thanks so much.

    I thought this was done from the SQL server's Windows firewall.

    For I see some articles online like this one: http://support.microsoft.com/kb/968872

    Isn't it to be run on the SQL server?

    I would rather let our network security admin do the expose-to-internet thing.
