April 5, 2005 at 11:14 pm
I have a SQL server in 192.168.168.100. Our network has both VPN and Firewall.
My goal is to setup our Firewall so only the inside computers can access the SQL server. But all the outside computers can not access the Server. The inside computers mean the computers that connect to the network directly. The outside computers mean the computers that connect to the network via VPN. How can I setup the Firewall to achieve my goal?
We tried the following steps, but it does not work. Acutally, both the inside and outside computers can access the SQL server.
1. Turn off the Name Pipe connection in 192.168.168.100, only allow TCP connection with default port 1433.
2. Create a service in firewall with TCP:1433
3. Create a rule to deny the above service. Soure: LAN: *, Target: LAN:192.168.168.100. And this rule has first priority.
When I use "netstat -an" command, I can still see the following connection:
TCP 192.168.168.201:3636 192.168.168.100:1433 ESTABLISHED
Any suggestion? Thanks.
April 6, 2005 at 6:35 am
I suggest contact you VPN support. Is the VPN server the same as the firewall or is it exposed on the firewall and is a seperate device?
April 6, 2005 at 7:58 am
The VPN and firewall are in the same server and from the same vendor: SonicWall.
April 7, 2005 at 12:48 pm
Do the "External" machines all fall within the same IP range? (Most VPN devices work this way, but ya never know...)
Steve G.
April 7, 2005 at 1:10 pm
Yes. They are in the same range 192.168.168.*.
After speaking w/ SonicWall, it turns out that there is option "Apply NAT and Firewall Rules" in VPN settings that we should use.
We are still testing the option. But it is likely the reason: the option should be turned on, so the "External" machines are affected by the firewall rule!
Thanks.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply