Friday, June 17, 2011

How to communicate to SQL Server through a Firewall?

Firewall systems prevent unauthorized access to computer resources. To access an instance of the Microsoft SQL Server Database Engine through a firewall, you must configure the firewall on the computer running SQL Server to allow access.

There are many firewall systems available. For information specific to your system, see the firewall documentation.

Opening ports in your firewall can leave your server exposed to malicious attacks.
Make sure that you understand firewall systems before you open ports.
Some TCP ports are needed for communication with SQL Server through a firewall. You need to add these ports and services to the firewall exception list.

By default, Microsoft Windows XP Service Pack 2 enables the Windows Firewall, which closes port 1433 to prevent Internet computers from connecting to a default instance of SQL Server on your computer. Connections to the default instance using TCP/IP are not possible unless you reopen port 1433. The basic steps to configure the Windows XP firewall are provided in the following procedures. For more information, see the Windows documentation.

To open a port in the Windows firewall for TCP access
1.   In Control Panel, open Network Connections, right-click the active connection, and then click Properties.
2.   Click the Advanced tab, and then click Windows Firewall Settings.
3.   In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Port.
4.   In the Add a Port dialog box, in the Name text box, type SQL Server <instance name>.
5.   In the Port number text box, type the port number of the instance of the Database Engine, such as 1433 for the default instance.
6.   Verify that TCP is selected, and then click OK.
7.   To open the port to expose the SQL Server Browser service, click Add Port, type SQL Server Browser in the Name text box, type 1434 in the Port Number text box, select UDP, and then click OK.
Note: To allow named pipes access through the firewall, you must also enable File and Printer Sharing through the firewall.
8.   Close the Windows Firewall and the Properties dialog boxes.

Click Add Program in the Windows Firewall dialog box for additional options, such as granting access to specific programs and restricting access to certain IP addresses or network subnets.

As an alternative to configuring SQL Server to listen on a fixed port and opening the port, you can list the SQL Server executable (Sqlservr.exe) as an exception to the blocked programs. Use this method when you want to continue to use dynamic ports. Only one instance of SQL Server can be accessed in this way.

To access a program through the Windows firewall
1.  In the Windows Firewall dialog box, on the Exceptions tab, click Add Program.
2.  Click Browse, and navigate to the instance of SQL Server that you wish to access through the firewall, and then click Open. By default SQL Server is at C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Sqlservr.exe.
3.   Click OK twice to close the Windows firewall program.

Error Message 8: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (Provider: TCP Provider, error: 0-A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.)
Cause: The connection is blocked by Windows Firewall.
Troubleshoot: To resolve this, take the following steps:
1.  Enable SqlBrowser
2.  Add Sqlservr.exe to the Firewall exception list
3.  Add Sqlbrowser.exe to the Firewall exception list
4.  Add the TCP port to the Firewall exception list.
     (e.g., Name: 1433:TCP, Value: 1433:TCP:*:Enabled:Tcp 1433).
5.  If you are using a third-party firewall, contact the vendor for more detail.
6.  For more detail please see the related links.
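
The exception value in step 4 follows the Windows Firewall port exception form port:protocol:scope:status:name, where a scope of * means any address. The following added example (not part of the original post) parses such values and flags enabled SQL Server ports that are open to every address; the function names and all sample entries except the first are constructed for illustration, and only the fixed ports named on this page (1433/TCP, 1434/UDP) are checked.

```python
from typing import NamedTuple

# Fixed SQL Server ports named on this page.
SQL_PORTS = {("1433", "TCP"): "default instance", ("1434", "UDP"): "SQL Server Browser"}


class PortException(NamedTuple):
    port: str
    protocol: str
    scope: str      # "*" = any address, "LocalSubNet", or comma-separated addresses
    enabled: bool
    name: str


def parse_entry(value: str) -> PortException:
    """Split one exception value; the name comes last and may itself contain ':'."""
    parts = value.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"not a port exception entry: {value!r}")
    port, protocol, scope, status, name = parts
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {value!r}")
    if protocol.upper() not in ("TCP", "UDP") or status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad protocol or status in {value!r}")
    return PortException(port, protocol.upper(), scope, status.lower() == "enabled", name)


def audit(values):
    """Return findings for enabled SQL Server ports reachable from any address."""
    findings = []
    for value in values:
        e = parse_entry(value)
        role = SQL_PORTS.get((e.port, e.protocol))
        if role and e.enabled and e.scope.strip() == "*":
            findings.append(f"{e.port}/{e.protocol} ({role}) is open to all addresses")
    return findings


# Constructed sample entries; the first is the value shown in step 4.
SAMPLE = [
    "1433:TCP:*:Enabled:Tcp 1433",
    "1434:UDP:LocalSubNet:Enabled:SQL Server Browser",
    "1433:TCP:192.168.10.0/255.255.255.0:Disabled:SQL Server (old rule)",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Replacing the * scope with LocalSubNet or a list of client addresses keeps the port reachable for the application servers while closing it to everything else.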

Related links:
