Scott
Posting Yak Master
145 Posts |
Posted - 2003-06-13 : 05:01:09
|
| I need to install a SQL Server at a client in their DMZ. This server then needs to talk to other servers on the LAN through a DMZ pinhole. The client's security chaps don't want the SQL Server in the DMZ to use the default ports, Slammer & future worms etc. Any comments or advice on the above? If the DMZ server uses non-standard ports, can it talk to other servers that use standard ports? If not, can the other server listen on both its standard port and the non-standard one?
Thanks
Scott |
|
|
SamC
White Water Yakist
3467 Posts |
Posted - 2003-06-13 : 06:59:26
|
| It's pretty easy to change the port. In Enterprise Manager, look at the Server Properties. You'll find it. However, any program / worm ought to be able to scan the ports looking for an opening.
Sam |
 |
|
|
Andraax
Aged Yak Warrior
790 Posts |
Posted - 2003-06-13 : 07:44:25
|
| The "Best Practice" way is that all traffic from DMZ to internal networks is blocked. The servers on the internal networks should be the ones to initiate connections to the DMZ. I know this takes some thinking and changing of infrastructure design, but it's what I would call "best practice". |
 |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2003-06-13 : 12:26:04
|
| You should not use port 1433 in the DMZ. Pick a different port. To change the port that SQL Server listens on, just use the Server Network Utility found in the Microsoft SQL Server program group. Yes, the server can talk to other servers that are on non-standard ports and talk to other servers that are on the standard port. You will most likely need to create an alias to talk to servers on non-standard ports as well as do the same for this server. Servers outside of the DMZ should not be able to talk to the server inside the DMZ unless a specific firewall rule is set up. Same goes for client machines. The server inside the DMZ will be able to talk to other servers inside the DMZ without making any changes.
Tara |
 |
|
|