Firewall Problem with SQL Server | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Firewall Problem with SQL Server

Hi, I have this problem. I have a server with SQL Server, and some other part of the building has another one. The thing is, the other person is supposed to access our SQL Server and update some fields on the server, but there is a big firewall between them. I have the user part in SQL covered, but which ports do I have to open in the firewall in order to let him access ONLY SQL Server?
Thanks :)
German :)
You need to open up for inbound tcp on the port sql is listening on, by default 1433. If you use distributed transactions you need to open other ports as well.
OK, and what are those other ports?
German :)
If you use MSDTC you need to limit the ports manually in the registry. INFO: Configuring Microsoft Distributed Transaction Coordinator (DTC) to Work Through a Firewall
http://support.microsoft.com/default.aspx?scid=kb;EN-US;250367
Have you done that? It's more complex than I'd imagine, but if you've done it, do you know if that must be done on both servers, or just one of them?
German :)
Referred KBA highlights:
Follow these steps to control RPC dynamic port allocation. You will have to do this on both computers. Note also that the firewall must be open in both directions for the specified ports. Moreover, it's a high-level job, and if you're unsure about registry settings, take help from the network admin or review the information referred to in the above KBA about registry details. The above part refers to MSDTC alone. Basically, you have to open up the ports that SQL Server uses. If you've done this and it still doesn't work, then look at the firewall logs to see what packets it is dropping, or do a network trace on either side of the firewall to see what packets are not getting through. (You may want to disable/allow all through the firewall during testing to see what extra packets are allowed through.) This KBA refers http://support.microsoft.com/support/kb/articles/q287/9/32.asp for TCP port communication to SQL through a firewall.
Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
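Added example (not part of the original thread or any poster's code): a client-side check to run before reading firewall logs or taking a network trace, as the post above suggests. It makes one TCP connection attempt to the SQL Server port and classifies the result; the function names and the host name `sqlserver.example.internal` are hypothetical placeholders.

```python
import errno
import socket

SQL_DEFAULT_PORT = 1433  # default SQL Server TCP port named in the thread


def probe_tcp(host, port=SQL_DEFAULT_PORT, timeout=3.0):
    """Attempt one TCP connection and classify the outcome.

    'open'     - handshake completed: the firewall passes this port
    'refused'  - a reset came back, from the host (nothing listening on
                 that port) or from a firewall configured to reject
    'filtered' - no answer or unreachable: packets are probably dropped
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


NEXT_STEP = {
    "open": "Port is reachable; remaining failures are login or permission issues.",
    "refused": "Path answers with a reset; confirm the port SQL Server listens on.",
    "filtered": "Check the firewall logs for dropped packets or trace both sides.",
}


def diagnose(host, port=SQL_DEFAULT_PORT, timeout=3.0):
    """Return (state, advice) for a single host and port."""
    state = probe_tcp(host, port, timeout)
    fallback = "Unexpected socket error; check name resolution and routing."
    return state, NEXT_STEP.get(state, fallback)


if __name__ == "__main__":
    # 'sqlserver.example.internal' is a constructed placeholder host name.
    print(diagnose("sqlserver.example.internal"))
```

Run it from the machine that needs access, once before and once after the firewall change, so the two results can be compared.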
Well, that quite said it for me. Not possible is the answer. I'll never get the people on the other server to do the same, they're too lazy, and I don't think I can get my boss to give complete access to the other people on the firewalls. Any ideas on what can work? I only need them to execute a stored procedure with some parameters, that's quite all I need. Is all this really needed just to execute an SP? :(
Thanks :D
German :)
Only if you can enable the connection between the 2 SQL Servers through the firewall will you be able to execute the SP, and vice versa. If you deal with transactions in the SP, then follow the KBA referred by Argyle; if not, review the information in the second KBA about TCP communication between SQL Servers through a firewall and work it out.
Satya SKJ