Firewall port open

Question

Almost all our SQL servers are behind
firewall. We have in house developed applications using these SQL
servers.

but I heard today from one of our developers he said one SQL
server is setup exposed to outside, since the web application is accessed
externally by parents of students. I don't quite understand what that means, now
we need to set up a new SQL server like that.

what I need to
do?

the developer told me in his application connection string, it can
access the old server, but not the new server.
do I need to open the port
1433 in order for the application string to connect. ?

But I know we have
another SQL server used for web applications used for parents, I didn't open the
port.

What is the difference?

In exact what occasion we need to
open the port to outside firewall?


Thanks

---

SQLFriend

Answer 1

by default SQL Server Uses 1433 port , if 1433 port is not available  then SQL Server Dynamically occupies a port, to check which port is used by SQL Server, run xp_readerrorlog command in SSMS, check the scren shot attached

my SQL Server uses 4806, just check you SQL Server error log,

then  click on start ->Run->firewall.cpl-> add this port number in exception

---

Ramesh Babu Vavilla MCTS,MSBI

Answer 2

You need to open a port if you any one to connect SQL server using TCP IP.

I will suggest to increase security:-

1) Change the SQL server port from 1433 to other port so that no one know the exact port

2) Open TCP/IP new port on which SQL server run

---

Please click the Mark as Answer or Vote As Helpful if a post solves your problem or is helpful!

Answer 3

Hi,

If you want to allow access to your SQL Server from the internet, please follow these rules:

• Set up a static port for the external IP address for your SQL Server using the SSCM,
• Do not use the default 1433 port,
• Use encryption for your connection (self-signed SSL is also good for that),
• Open the configured TCP port only,
• set up intrusion detection on your FW,
• use packet filtering on your FW.

Please not that the only authentication method is SQL authentication, so protecting the passwords and user id's are essential, encryption is a MUST at the connection and client application configuration level.

I hope it helps.

Janos

---

There are 10 type of people. Those who understand binary and those who do not.

My Blog | Hire Me

Answer 4

Just because the web app is accessed externally, does not mean that SQL Server has to be exposed on the Internet.

When you open ports in the firewall, open it only for the web server, not the whole wide world.

As others have said, by default SQL Server listens to port TCP 1433, but this applies only to default instances. A named instance listens to a dynamically selected port. The connecting client gets to know this port by asking on UDP 1434.

If you have a named instance, it's better to set a static port, so that you know it does not change. (Not that these dynamic port changes at whim.) The application should then use the port number rather the instance name in the connection string, so you don't have to bother about that port.

---

Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se