Re: ISA and SQL2000

From: Phillip Windell (_at_.)
Date: 12/23/04


Date: Thu, 23 Dec 2004 09:55:25 -0600


"Scott" <Scott@discussions.microsoft.com> wrote in message
news:C28D8C3C-187A-4F91-90C6-8C5E46B6FCAC@microsoft.com...
> 1433. I would like to place an ISA server in a DMZ (or perimeter in front of
> the SQL server) and have the ISA listen on port 1433 and possibly redirect
> the requests internally to the SQL Server (which will not be exposed to the
> Internet). Is this possible? If so, what steps would you recommend I use to
> get started?
>
> On a related note, I run an Event Log Manager that alerts me of 1000+
> attempts to log onto my SQL Server from the Internet due to the exposed port.
> Would this be stopped if ISA is in front of the SQL server?

Ok. Here's what I think you are asking. You want a Back-to-Back DMZ with ISA
as the "inner" firewall between the LAN and DMZ. You want machines on the
DMZ to get to the SQL on the LAN but not have Internet Users do the same.
Assuming this is correct....

1. Eliminate any existing Static NAT or One-to-One NAT being performed by
the "outer" Firewall to the SQL Server

2. Assuming ISA2004, right click on Firewall Policy, choose New, then Server
Publishing Rule. Follow the prompts to create the Publishing rule for the
Internal SQL Server. This will publish it to the External Nic of the ISA.

3. Contact the SQL from the DMZ by treating the ISA as if it was the SQL
Server. As long as the "outer" Firewall does not do any Static or
One-to-One NAT for SQL back to the ISA's External Nic,...the SQL Server will
not be accessible from the Internet.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
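
An added example, not part of the original post: a small audit of the "outer" firewall's inbound NAT table for the two conditions steps 1 and 3 warn about, a mapping straight to the SQL Server or a mapping to the ISA's External NIC that would carry TCP 1433. The `NatRule` structure, the function name and every address below are constructed for illustration and do not correspond to any firewall's real export format.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

SQL_PORT = 1433  # default SQL Server TCP port, as in the question


@dataclass(frozen=True)
class NatRule:
    """One inbound static / one-to-one NAT entry on the outer firewall (hypothetical model)."""
    public_ip: str
    port: Optional[int]  # None means one-to-one NAT: every port is forwarded
    target_ip: str


def sql_exposures(outer_nat, isa_external_ip, sql_ip, isa_publishes_sql=True):
    """Return (rule, reason) for each outer NAT rule that lets Internet hosts reach SQL."""
    findings = []
    for rule in outer_nat:
        # Only rules that forward 1433 (explicitly or via one-to-one NAT) matter.
        if rule.port not in (None, SQL_PORT):
            continue
        target = ip_address(rule.target_ip)
        if target == ip_address(sql_ip):
            findings.append((rule, "maps directly to the SQL Server (step 1)"))
        elif target == ip_address(isa_external_ip) and isa_publishes_sql:
            findings.append((rule, "maps to the ISA External NIC that publishes SQL (step 3)"))
    return findings


# Constructed sample data: documentation and private address ranges only.
ISA_EXTERNAL = "192.168.50.2"   # ISA's NIC on the DMZ side (assumed)
SQL_INTERNAL = "10.0.0.5"       # SQL Server on the LAN (assumed)
OUTER_NAT = [
    NatRule("203.0.113.10", 80, "192.168.50.20"),    # DMZ web server, unrelated
    NatRule("203.0.113.11", 1433, "10.0.0.5"),       # leftover static NAT to SQL
    NatRule("203.0.113.12", None, "192.168.50.2"),   # one-to-one NAT to the ISA
]

if __name__ == "__main__":
    for rule, reason in sql_exposures(OUTER_NAT, ISA_EXTERNAL, SQL_INTERNAL):
        print(f"REMOVE {rule.public_ip}:{rule.port or 'all'} -> {rule.target_ip}: {reason}")
```

An empty result means no rule in the table forwards 1433 from the Internet to either address, which is the state the three steps aim for.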

