SQL Server Port 1433 Questions 1

[georgewong237]

Dear all:
I have 2 SQL2k servers running under different win2k servers. In fact, they are locate at different location and in between there is a firewall. I would like to block all the incoming ports except 1433, will it works while this 2 SQL servers talk or update to each others. Since I'm not sure source and target ports will only use 1433 or more. Otherwise what can I do in firewall?
BRS
George

 

[mrdenny]

The only port you should need between the servers is 1433.

Denny

--Anything is possible. All it takes is a little research. (Me)

 

[georgewong237]

Dear mrdenny:
I have used the netstat to monitor the server, the source port may not using 1433 port but the target will be 1433. Thus, how can I block those ports which distribute from the server.
Here is the message after netstat:
local address Foreign Address Status
192.168.0.1:2435 192.168.1.1:1433 Establish
Thus it will use other port from the source while target still using 1433
Please advise
BRs
George

 

[mrdenny]

The port being used on the source server will be an available port over 1024. The connection will always be estabilished to port 1433.

You should be able to set your firewall to allow account from 192.168.0.1 to 192.168.1.1:1433 on any port, and use that connection to trigger the firewall to allow data back from 192.168.1.1:1433 to the port on 192.168.0.1 that is making the connection.

Keep in mind that I'm not a firewall expect, I'm a DBA. You'll want to check with your firewall vendor for the specifics, or your security engineer.

Denny

--Anything is possible. All it takes is a little research. (Me)