Accessing Internet

Status
Not open for further replies.

twdave

IS-IT--Management
Feb 18, 2004
32
US
I have a SQL Server machine that is not able to access the internet. Obviously I would like to keep this machine hidden, but would like to be able to get to the MS site for Windows updates, etc.

Should this machine have the ability to connect to the internet for downloads? If so - I can't find where it is explicitly stated that it cannot access, so what should I look for? And, will allowing this machine to access the internet cause openings to the SQL data? If this machine should not have access, then what's the best way to manage Windows updates and the like?

Thanks. I'm still new to PIX, so I'm learning.
 
All you have to do is set up access lists for which ports you wish to enable on the PIX. It's very easy. I could show you if you like; I am very proficient with PIX.
 
Just to clarify - I'm looking for outbound access only.

I cannot figure out if I need static or nat, but if you think it's an access list, then yes, please provide me with an example. I don't have specific information handy - it's at work.

Thanks!
 
If you only allow an outbound connection to the internet then you should be good to go without worry of someone getting your data. You could even get restrictive and only allow outbound traffic for that IP to the Microsoft update servers. Post your config and just mark out the info you don't want us to see.
 
In our ISP network we don't allow some of our more critical servers direct access to the Internet for fear it downloads malicious Java applets/viruses etc. Admittedly this is unlikely to happen if you only go to the MS Update site.

I guess you could do one of 2 things if you don't want the server to have unsolicited access to the Internet:

1. Force it to use a local proxy server instead.
2. Configure the access list on the PIX so that it can only talk HTTP to IP addresses of known, good websites that it needs access to. This approach could become a burden further down the line, however, as service providers can change their IP addresses for their servers in DNS at any time (whilst the URL stays the same).
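
The drift described in option 2 can be checked mechanically. The Python below is an added example, not part of the original thread: it compares the destination-pinned permit lines in a saved PIX config with the addresses the update hostname resolves to today. The ACL name `sql_out`, the server address and every IP are constructed placeholders, and the caller supplies the resolved addresses.

```python
import ipaddress
import re

# Constructed placeholders (documentation address ranges), not values from the thread.
SERVER = "192.0.2.10"                    # assumed inside address of the SQL Server
ACL = "sql_out"                          # hypothetical ACL name
PORTS = (80, 443)                        # ports the server needs for updates
PORT_NAMES = {"www": 80, "https": 443}   # a saved config may show names, not numbers

# One managed entry: this server to a single destination host on a single TCP port.
LINE_RE = re.compile(r"^access-list (\S+) permit tcp host (\S+) host (\S+) eq (\S+)$")

def to_port(token):
    """Turn 'www', 'https' or a number into an int; refuse anything else."""
    if token in PORT_NAMES:
        return PORT_NAMES[token]
    if token.isdigit():
        return int(token)
    raise ValueError("unrecognised port in managed ACL line: " + token)

def parse_acl(config_text, acl=ACL, server=SERVER):
    """Return the (destination, port) pairs the ACL currently permits for the server."""
    pairs = set()
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == acl and m.group(2) == server:
            pairs.add((str(ipaddress.ip_address(m.group(3))), to_port(m.group(4))))
    return pairs

def acl_drift(config_text, resolved_ips, acl=ACL, server=SERVER, ports=PORTS):
    """Return (missing, stale): pairs DNS now needs, and pairs the ACL still allows."""
    wanted = {(str(ipaddress.ip_address(ip)), p) for ip in resolved_ips for p in ports}
    current = parse_acl(config_text, acl, server)
    order = lambda pair: (int(ipaddress.ip_address(pair[0])), pair[1])
    return sorted(wanted - current, key=order), sorted(current - wanted, key=order)

# Constructed config excerpt: the site used to resolve to .20 and .21.
SAMPLE_CONFIG = """\
access-list sql_out permit tcp host 192.0.2.10 host 198.51.100.20 eq www
access-list sql_out permit tcp host 192.0.2.10 host 198.51.100.20 eq https
access-list sql_out permit tcp host 192.0.2.10 host 198.51.100.21 eq 80
access-list sql_out permit tcp host 192.0.2.10 host 198.51.100.21 eq 443
access-list sql_out deny ip host 192.0.2.10 any
"""
SAMPLE_RESOLVED = ["198.51.100.20", "198.51.100.30"]  # constructed: .21 gone, .30 new

if __name__ == "__main__":
    missing, stale = acl_drift(SAMPLE_CONFIG, SAMPLE_RESOLVED)
    print("missing:", missing)
    print("stale:", stale)
```

Stale entries are the security-relevant half: they keep the server allowed to reach an address the vendor no longer controls. Missing entries have to be placed above the final deny line to take effect.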
 
This is probably more than you want to do, but you could set up a WSUS server to manage all your updates and then just point the SQL server at that server; it won't ever have to access the net. Just a thought.
 