
I'm trying to configure my Win server firewall to only allow connections to SQL from our app server. I've even changed the port to a non-default one. It works fine so that the app server can access it, but I can also access SQL from my own machine when I'm on the VPN.

What am I missing?

Here are my settings:

[Four screenshots of the Windows Firewall rule settings; the first was added in a later edit]

But then from my personal machine, whose name and IP are not in the list, it gets this: [screenshot]

  • Please refer to this: https://manage.accuwebhosting.com/knowledgebase/2984/How-to-configure-the-Windows-Firewall-to-allow-only-specific-IP-Address-to-connect-your-ports.html – Hiren Parghi Jun 04 '21 at 09:50
  • Thanks. I had a look and all my settings are as per that post. I have also now added a new image should someone be able to spot anything that is wrong. – Cameron Castillo Jun 04 '21 at 13:23
  • in the third screen capture, you have added port 20999 into local port option. Please add it in the remote port >> Specified port and check again. – Hiren Parghi Jun 04 '21 at 15:53
  • Thanks for suggestion. I've added it, but I can still access SQL from my local machine. I've also updated the screenshot. – Cameron Castillo Jun 07 '21 at 08:29
  • Firewalls block traffic by default. This system has rule(s) that are allowing the access. You know this because you are able to access the host without the rule that you created. That's what you need to find. Also the rule you created, the "Allow connection if it is secure" is typically used in environments where host-based IPSEC is used. – Greg Askew Jun 08 '21 at 16:43
  • Based on answers and comments, I have added a rule to block everything and a 2nd rule to only allow from one machine. Also updated the 1st image. My local machine still has access. – Cameron Castillo Jun 14 '21 at 09:32

2 Answers


Have you considered blocking all access and allowing named IPs from inside your environment? This would ensure only specified hosts can access your database.

t3ln3t
  • Just to make sure I understand correctly: are you suggesting that we create another rule that blocks all access to the port, and then the 2nd rule to allow access to the one server? How will the 2nd rule differ from my screenshots? – Cameron Castillo Jun 08 '21 at 08:11
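The following is an added example, not code from the question or from the answer above, showing how the approach suggested in this answer and Greg Askew's comment look when done with the NetSecurity PowerShell module on the SQL host: first list the enabled inbound allow rules that already cover the SQL port (one of them is what keeps the VPN client connected), then make the profile's inbound default Block and add a single allow rule scoped to the app server's address. Port 20999 is the one named in the comments; the app-server address 10.0.1.20 is an assumed placeholder. Two points the thread does not spell out: the SQL port belongs in Local Port, not Remote Port, because clients connect from ephemeral source ports; and Windows Firewall gives block rules precedence over allow rules, so an explicit "block 20999 from anywhere" rule alongside an allow rule for one host blocks that host too. The profile's default Block action gives the "block everything" behaviour without that problem.

```powershell
# Added example, not code from the question or answer. Assumptions: SQL Server listens on
# TCP 20999 (the port named in the comments) and the app server's address is 10.0.1.20
# (placeholder). Run from an elevated PowerShell prompt on the SQL host.

$SqlPort   = 20999
$AppServer = '10.0.1.20'   # assumed app-server address; replace with the real one

# 1. Find the enabled inbound allow rules that already cover the SQL port.
#    One of these is what lets the VPN client in; expect RemoteAddress = Any on it.
#    (Port ranges such as 20000-21000 are not expanded here; check those by eye.)
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -eq 'TCP' -or $pf.Protocol -eq 'Any') -and
        ($pf.LocalPort -eq 'Any' -or $pf.LocalPort -contains "$SqlPort")
    }
$open | Select-Object DisplayName, Profile, Group,
    @{ Name = 'LocalPort';     Expression = { ($_ | Get-NetFirewallPortFilter).LocalPort } },
    @{ Name = 'RemoteAddress'; Expression = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } } |
    Format-Table -AutoSize

# Once you know which broad rules are responsible, disable them (keep them for reference):
# $open | Where-Object DisplayName -ne 'SQL 20999 from app server only' | Disable-NetFirewallRule

# 2. Make the inbound default Block on every profile. With that in place no block-all rule is
#    needed, which matters because Windows Firewall lets block rules override allow rules:
#    an explicit "block 20999 from anywhere" rule would also cut off the app server.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 3. One allow rule, scoped by remote address. The SQL port is the LOCAL port on this host;
#    the client's source port is ephemeral, so RemotePort is left as Any.
New-NetFirewallRule -DisplayName 'SQL 20999 from app server only' `
    -Direction Inbound -Action Allow -Enabled True -Profile Any `
    -Protocol TCP -LocalPort $SqlPort -RemoteAddress $AppServer

# 4. Verify from the VPN client (not from the app server); expect TcpTestSucceeded : False.
#    Test-NetConnection -ComputerName <sql-host> -Port 20999
```

Step 1 is the part that answers the "what am I missing?" question: if the listing shows an enabled allow rule for TCP with LocalPort Any or 20999 and RemoteAddress Any (a broad SQL Server or application rule, for example), that rule is why the VPN client still connects, regardless of what the newer scoped rule says.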