Hi all,
I'm using a FortiGate 92D with the latest image, 5.4.
I connect my clients with the FortiClient using IPsec.
This all works; I narrowed down in my rules who can connect and to what.
But I want to allow only SMB (found that) and SQL traffic to a named instance on a SQL 2012 R2 server.
As long as I use the ALL services rule it works, but I would like to limit it to SMB and SQL.
Which service and ports are we talking about?
Rene
hi,
you find the ports used for the various SQL Server services in this article, "Configure the Windows Firewall to Allow SQL Server Access", here: https://msdn.microsoft.com/de-de/library/cc646023%28v=sql.110%29.aspx (sorry, the "insert link" button is greyed out).
Define each port/protocol combination as a custom service and group them in a custom service group to use in the policy. SMB or "Windows AD" is always needed additionally.
And the CLI command diag debug flow is your friend if anything fails; it will also help to show you which service is being matched, or allowed or denied.
PCNSE
NSE
StrongSwan
Be aware that certain MS SQL configurations do not use fixed ports, so you need to dig into the MSSQL documentation on how to configure a fixed port for the service.
my .02
regards
I never heard of that, but 1433/tcp is the de facto MS-SQL port unless you change it. The netstat -an on the target host will also indicate the listener for that service.
Ken
PCNSE
NSE
StrongSwan
@last_3_posts:
that's all in the cited paper, 1433/tcp, 1434/tcp, 1433/udp, dynamic ports included, with instructions how to make them static.
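Putting the thread's advice together as a FortiOS 5.4 CLI fragment (an added example, not taken from any post above): one custom service per port/protocol, a service group, a policy from the IPsec interface that uses the group, and the diag debug flow check. Interface, address-object and service names are this example's own assumptions, and the static port for the named instance is a placeholder for whatever you pinned in SQL Server Configuration Manager.

```text
# Custom services: one per port/protocol (names are this example's own)
config firewall service custom
    edit "MSSQL-1433-TCP"
        set comment "Default instance listener"
        set tcp-portrange 1433
    next
    edit "MSSQL-Browser-1434-UDP"
        set comment "SQL Browser: clients resolve a named instance to its port"
        set udp-portrange 1434
    next
    edit "MSSQL-Named-Static-TCP"
        set comment "Named instance pinned to a fixed port; replace the placeholder"
        set tcp-portrange 49152
    next
end

# Group them with the built-in SMB service (445/tcp) for one policy entry
config firewall service group
    edit "VPN-SQL-Access"
        set member "MSSQL-1433-TCP" "MSSQL-Browser-1434-UDP" "MSSQL-Named-Static-TCP" "SMB"
    next
end

# Policy from the IPsec tunnel interface to the SQL host; assumed object names
config firewall policy
    edit 0
        set name "FortiClient-to-SQL"
        set srcintf "FortiClient-IPsec"
        set dstintf "internal"
        set srcaddr "FortiClient-Pool"
        set dstaddr "SQL-Server-2012"
        set action accept
        set schedule "always"
        set service "VPN-SQL-Access"
        set logtraffic all
    next
end

# Verify which policy a SQL session matches (or why it is dropped)
diagnose debug flow filter port 1433
diagnose debug flow trace start 20
diagnose debug enable
# ... connect from a FortiClient, then stop tracing:
diagnose debug reset
```

If the named instance is left on a dynamic port, the only packet the 1434/udp rule admits is the Browser lookup; the client's follow-up TCP connection will hit the implicit deny and show up as such in the flow trace.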