Firewall config for access to remote databases at another network/domain from SSMS client

  • Hi,

    We would like to access remote SQL server 2008 databases from SSMS (SQL Server Management Studio) on our client workstations.

    This access includes Database Engine, Analysis Services, Integration Services and Reporting services.

    The case is that our client workstations are at a different network and domain than the database servers.

    I have found out that we can start SSMS from a command prompt - and thereby connect with a domain and user that is known by the db server:

    RUNAS /user:domain\user /netonly "C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"

    Our problem is now our firewall.

    We have a company policy saying that we should only open specific ports (not all ports).

    We have tried to open specific ports.

    But whenever we open a new port, we are rejected on another, new port. So it seems that random ports are used - at least to some extent.

    a)

    Does anybody have a survey of the ports that SSMS uses against the 4 services?

    b)

    Is it possible to narrow down the number of ports being used - and how?

    Best regards

    Carsten

  • Well, I know about the listening port for SQL Server... for the other services, I'll await other more knowledgeable users to chime in.

    The default instance uses port 1433 until you change it.

    Additional instances use a dynamic port, which is handed off by the SQL Browser. You can change it to use a static port with the SQL 2005 Configuration Manager:

    You would erase the dynamic port and, below it, put in the specific port you want the service to answer on.

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • Lowell pretty much has the take here; dynamic ports on SQL Server instances will give the issues you are seeing, only upon instance restart though!

    Depending on how you connect, you may also need port 1434 (UDP) to feed the browser service.


  • UDP port 1434 is needed if you want to use SSMS to connect to the remote DB.

    -Roy

  • 1434 UDP is needed for named instances unless you specifically set ports for them.

    You can choose other ports. We have used 51433 in the past. You can set up an alias or client connection to use this port. I have used

    Myserver, 51433

    as the connection string. A comma with the port will work.
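
The replies above come down to two things to allow through the firewall: the TCP port each instance listens on, plus UDP 1434 only when clients connect by instance name rather than by `server,port`. As an added example (not code from any post in this thread), the following parses the reply the SQL Browser service returns and derives that allow-list. It assumes the reply layout of the SQL Server Resolution Protocol (MS-SQLR); the server name `MYSERVER`, the instance `REPORTING` and the sample datagram are constructed.

```python
import socket
import struct

# Constructed sample of a SQL Browser (SSRP) SVR_RESP datagram, not a capture.
_DATA = (b"ServerName;MYSERVER;InstanceName;MSSQLSERVER;IsClustered;No;"
         b"Version;10.0.1600.22;tcp;1433;;"
         b"ServerName;MYSERVER;InstanceName;REPORTING;IsClustered;No;"
         b"Version;10.0.1600.22;tcp;51433;"
         b"np;\\\\MYSERVER\\pipe\\MSSQL$REPORTING\\sql\\query;;")
SAMPLE_REPLY = b"\x05" + struct.pack("<H", len(_DATA)) + _DATA


def parse_browser_reply(datagram):
    """Return {instance_name: tcp_port or None} from an SSRP SVR_RESP datagram."""
    if len(datagram) < 3 or datagram[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP datagram")
    (size,) = struct.unpack_from("<H", datagram, 1)  # little-endian length
    body = datagram[3:3 + size]
    if len(body) != size:
        raise ValueError("truncated reply")
    instances = {}
    # Each instance record ends with ';;' and is a flat key;value;key;value list.
    for record in body.decode("ascii", "replace").split(";;"):
        fields = record.split(";")
        pairs = dict(zip(fields[0::2], fields[1::2]))
        if "InstanceName" in pairs:
            port = pairs.get("tcp", "")
            # No 'tcp' key means TCP/IP is disabled for that instance.
            instances[pairs["InstanceName"]] = int(port) if port.isdigit() else None
    return instances


def firewall_openings(instances, connect_by_name):
    """Client-to-server ports to allow, as sorted (protocol, port) tuples.

    connect_by_name=False models clients that use 'server,port' or an alias,
    so the browser lookup on UDP 1434 is not needed.
    """
    rules = {("tcp", port) for port in instances.values() if port}
    if connect_by_name:
        rules.add(("udp", 1434))
    return sorted(rules)


def query_browser(host, timeout=3.0):
    """Ask the SQL Browser on your own server for its instance list."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(b"\x03", (host, 1434))  # CLNT_UCAST_EX request
        return parse_browser_reply(sock.recvfrom(65535)[0])
```

A port reported for an instance that is still on dynamic ports can change when the instance restarts, so the allow-list only stays valid once a static port has been set in Configuration Manager.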
