04-16-2008 09:24 PM - edited 03-11-2019 05:32 AM
Could anyone advise, if I have a database server subnetwork behind an ASA5520 box (the application servers are not behind the ASA5520), what rules I basically need to add?
What if the servers are Unix servers, and what if the servers are Windows servers?
Any comments will be appreciated
Thanks in advance
04-16-2008 09:35 PM
It depends on what type of database. For example, we have an SQL database; for apps to talk to the SQL database servers across the firewall, I opened TCP port 1433, which is the SQL TCP port needed for client apps or servers that talk to the SQL database server. Basically, you need to find out what database you are running and which TCP ports it requires to be opened in the firewall.
HTH
Rgds
Jorge
04-30-2008 07:01 PM
Jorge, great thanks.
Apart from certain ports, I also need to get something which a Unix box always does: allow all the communication sessions originally initiated by the DB server itself.
Could you and the other experts advise me how I can do this with an ACL?
Thanks in advance.
04-30-2008 09:03 PM
Hi,
Basically, you need to understand what flows in your network and how.
If you collect certain details and study your application and DB software to understand their connection initiation and requirements, it will give you a better picture of the flow map with port numbers.
Then, according to this, prepare access lists on both interfaces. The ports you need to open will depend on the application and DB software, not really on the OS type, unless they have any independent communication requirement outside of the app and DB. While placing access lists you can always put a permit line between those two subnets and then a deny any to any line.
Regards
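As an added example (not posted by anyone in this thread), here is how Jorge's TCP 1433 rule and the permit-then-deny access lists on both interfaces described in the last reply look as ASA configuration, including how sessions initiated by the DB servers themselves are handled. Interface names, security levels, subnets, object-group names and the DNS/NTP addresses are all assumed for the example.

```cisco
! Assumed interfaces: "outside" faces the application servers (security-level 0),
! "dbnet" faces the database subnet (security-level 100). Addresses are made up.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.10.0.1 255.255.255.0
interface GigabitEthernet0/1
 nameif dbnet
 security-level 100
 ip address 10.20.0.1 255.255.255.0
!
object-group network APP_SERVERS
 network-object 10.10.0.0 255.255.255.0
object-group network DB_SERVERS
 network-object 10.20.0.0 255.255.255.0
!
! Inbound toward the DB subnet: only the app subnet, only the database port
! (TCP 1433 for SQL Server, as in Jorge's reply). Everything else is dropped and logged.
access-list OUTSIDE_IN remark App servers -> SQL Server
access-list OUTSIDE_IN extended permit tcp object-group APP_SERVERS object-group DB_SERVERS eq 1433
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Sessions initiated by the DB servers: the ASA is stateful, so the return packets
! of any permitted connection are allowed without a reverse rule. With no ACL on
! dbnet, traffic from security-level 100 toward 0 is allowed by default, which is
! the "allow everything the DB server initiates" behaviour asked about above.
! To restrict what the DB servers may initiate instead, apply an ACL on dbnet,
! e.g. DNS and NTP to assumed resolvers only, then deny and log the rest.
access-list DBNET_IN remark DB servers -> DNS/NTP only
access-list DBNET_IN extended permit udp object-group DB_SERVERS host 10.10.0.53 eq 53
access-list DBNET_IN extended permit udp object-group DB_SERVERS host 10.10.0.123 eq 123
access-list DBNET_IN extended deny ip any any log
access-group DBNET_IN in interface dbnet
```

The `log` keyword on the deny lines is what lets you see, after the fact, which flows the application or DB software needed that the flow map missed.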