Access SQL Server from PSN to Protected


  • Access SQL Server from PSN to Protected

    Hi

    I have a webserver on our PSN Network with a fixed IP of 172.x.x.120 which needs SQL access through our GTA 820 Firewall to a server IP 192.x.x.60 in our protected network.

    I have tried using NAT tcp/1433 ->1434 on an inbound tunnel from <PSN> to 192.x.x.60 but this doesn’t seem to work.

    It has occurred to me that what I should be doing is using a static route, is this what I should be doing?

    Any advice would be greatly appreciated.

    Thanks

    Gordon

  • #2
    Hello Gordon,

    The Inbound Tunnel configuration you have described should work without a static route. The PSN server should be configured to target the PSN interface IP address NOT the IP address of the server on the Protected interface. The Inbound Tunnel definition would then handle routing the connections to the server on the Protected interface. A small diagram of this connection is as follows:

    [172.x.x.120] ----tcp/1433----> 172.x.x.[FW_PSN_IP address] ----tcp/1434----> 192.x.x.60

    One thing to keep in mind about this configuration is that it is a NAT case. The server on the PSN network has no idea what the IP address of the server in the Protected network is. This works in most cases but some services and operating systems do not respond properly when NAT is applied across connections.

    Another (and possibly more desirable) configuration is to remove NAT between these two hosts by creating a Hosts/Networks definition within [Configure -> Network -> Pass Through -> Hosts/Networks]. Once this definition is configured, NAT between these two hosts is removed and the connections now fall into a Pass Through case. Pass Through policies are configured within [Configure -> Security Policies -> Pass Through]. Once policies are created to allow the SQL traffic between these hosts, the server on the PSN network can now directly talk to the server on the Protected network and should be configured to target the 192.x.x.60 IP address.
    Last edited by ahollifield; 2014-07-08, 11:54.



    • #3
      That was the problem, I was trying to send the traffic straight to my SQL server rather than a firewall interface on the PSN.

      Thanks very much.

      Gordon
