Answered Firewall port open

  • Tuesday, August 07, 2012 5:55 AM
     
     
    Almost all our SQL servers are behind a firewall. We have in-house developed applications using these SQL servers.

    But I heard today from one of our developers that one SQL server is set up exposed to the outside, since the web application is accessed externally by parents of students. I don't quite understand what that means. Now we need to set up a new SQL server like that.

    What do I need to do?

    The developer told me that in his application connection string, it can access the old server, but not the new server. Do I need to open port 1433 in order for the application string to connect?

    But I know we have another SQL server used for web applications used for parents, and I didn't open the port.

    What is the difference?

    In exactly what occasion do we need to open the port to the outside firewall?


    Thanks


    SQLFriend

All Replies

  • Tuesday, August 07, 2012 6:32 AM
     
     

    By default SQL Server uses port 1433; if port 1433 is not available, then SQL Server dynamically occupies a port. To check which port is used by SQL Server, run the xp_readerrorlog command in SSMS; check the screenshot attached.

    My SQL Server uses 4806; just check your SQL Server error log,

    then click on Start -> Run -> firewall.cpl -> add this port number in the exceptions.


    Ramesh Babu Vavilla MCTS,MSBI

  • Tuesday, August 07, 2012 12:18 PM
     
     

    You need to open a port if you want anyone to connect to SQL Server using TCP/IP.

    I would suggest, to increase security:

    1) Change the SQL Server port from 1433 to another port so that no one knows the exact port

    2) Open the new TCP/IP port on which SQL Server runs




  • Tuesday, August 07, 2012 12:54 PM
     
     

    Hi,

    If you want to allow access to your SQL Server from the internet, please follow these rules:

    • Set up a static port for the external IP address for your SQL Server using the SSCM,
    • Do not use the default 1433 port,
    • Use encryption for your connection (self-signed SSL is also good for that),
    • Open the configured TCP port only,
    • Set up intrusion detection on your FW,
    • Use packet filtering on your FW.

    Please note that the only authentication method is SQL authentication, so protecting the passwords and user IDs is essential; encryption is a MUST at the connection and client application configuration level.

    I hope it helps.

    Janos


    There are 10 types of people. Those who understand binary and those who do not.


  • Tuesday, August 07, 2012 6:45 PM
     
     Answered

    Just because the web app is accessed externally, does not mean that SQL Server has to be exposed on the Internet.

    When you open ports in the firewall, open it only for the web server, not the whole wide world.

    As others have said, by default SQL Server listens to port TCP 1433, but this applies only to default instances. A named instance listens to a dynamically selected port. The connecting client gets to know this port by asking on UDP 1434.

    If you have a named instance, it's better to set a static port, so that you know it does not change. (Not that these dynamic ports change at whim.) The application should then use the port number rather than the instance name in the connection string, so you don't have to bother about that port.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
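
An added example, not part of the thread or any poster's code: a check that flags inbound firewall rules which open a SQL Server port to a broad source scope instead of to the web server only, as the answer above advises. The rule names, the web server address 10.0.5.20, the static port 14330 and the 16-address threshold are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample, trimmed to the fields the check reads, in the layout of
# `netsh advfirewall firewall show rule name=all`. Names and addresses are made up.
SAMPLE = """\
Rule Name:      SQL 1433 (any source)
Direction:      In
RemoteIP:       Any
Protocol:       TCP
LocalPort:      1433
Action:         Allow

Rule Name:      SQL static port (web server only)
Direction:      In
RemoteIP:       10.0.5.20/32
Protocol:       TCP
LocalPort:      14330
Action:         Allow
"""

def parse_rules(text):
    rules = []
    for block in re.split(r"\n\s*\n", text.strip()):   # rules are blank-line separated
        pairs = (line.partition(":") for line in block.splitlines())
        rules.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return rules

def is_broad(remote_ip, max_hosts=16):
    # 'Any', keywords and ranges cannot be sized here, so they count as broad.
    for part in remote_ip.split(","):
        try:
            net = ipaddress.ip_network(part.strip(), strict=False)
        except ValueError:
            return True
        if net.num_addresses > max_hosts:
            return True
    return False

def exposed_sql_rules(text, sql_ports):
    found = []
    for r in parse_rules(text):
        ports = {(r.get("Protocol"), p.strip()) for p in r.get("LocalPort", "").split(",")}
        if (r.get("Direction") == "In" and r.get("Action") == "Allow"
                and r.get("Enabled", "Yes") == "Yes"
                and ports & sql_ports and is_broad(r.get("RemoteIP", "Any"))):
            found.append(r["Rule Name"])
    return found

SQL_PORTS = {("TCP", "1433"), ("UDP", "1434"), ("TCP", "14330")}  # 14330 is an assumed static port
```

Calling `exposed_sql_rules(SAMPLE, SQL_PORTS)` reports only the rule that accepts any source; the rule scoped to the single web server address passes.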