Configuring SQL Server publishing

To publish a SQL Server computer

In the Forefront TMG Management console, in the tree, click the Firewall Policy node.
In the Tasks pane, on the Tasks tab, click Publish Non-Web Server Protocols to open the New Server Publishing Rule Wizard.

Complete the New Server Publishing Rule Wizard as outlined in the following table.

Page	Field or property	Setting or action
Welcome to the New Server Publishing Wizard	Server publishing rule name	Type a name for the protocol definition. For example, type: Publish SQL Server
Select Server	Server IP address	Type the IP address of the SQL Server computer that you want to publish.
Select Protocol	Selected protocol	From the drop-down list, select Microsoft SQL Server. Then, click Ports if you want to override the default ports in the protocol definition.
Ports (appears only if you click Ports on the Select Protocol page)	Firewall Ports	Select one of the following: Publish using the default port defined in the protocol definition. With this option, Forefront TMG accepts incoming client requests on port 1433. Publish on this port instead of the default port. With this option, Forefront TMG accepts incoming client requests on the nonstandard port specified, and then forwards them to the designated port on the published server.
	Published Server Ports	Select one of the following: Send requests to the default port on the published server. With this option, Forefront TMG accepts requests for the published service on port 1433. Send requests to this port on the published server. With this option, Forefront TMG accepts requests for the published service on a port other than port 1433.
	Source Ports	Select one of the following: Allow traffic from any allowed source port. With this option, Forefront TMG accepts requests from any port on allowed client computers. Limit access to traffic from this range of source ports. With this option, Forefront TMG accepts requests only from the ports that you specify.
Network Listener IP Addresses	Listen for requests from these networks	Select the External network. To select specific IP addresses on which Forefront TMG will listen, click Addresses, and then select Specified IP Addresses on the Forefront TMG computer in the selected network. In the Available IP Addresses list, select the appropriate IP address, click Add, and then click OK. In an array with multiple array members, select the same virtual IP address for each array member if Network Load Balancing is enabled. Otherwise, select an appropriate IP address for each array member.
Completing the New Server Publishing Wizard		Review the settings, and then click Finish.

In the details pane, click the Apply button to save and update the configuration, and then click OK.

Note:
For more information about server publishing, see Server Publishing Concepts. By default, client requests that are forwarded by Forefront TMG to the published server appear to come from the IP address of the original client. In this case, the default gateway on the SQL Server computer must be set to the IP address of the network adapter on the Forefront TMG computer through which the SQL Server computer connects to it. As an alternative, you can configure your server publishing rule so that forwarded client requests will appear to come from the Forefront TMG computer on the To tab of the server publishing rule's properties. Server publishing rules are typically used when there is a network address translation (NAT) relationship defined by a network rule between the network on which the clients sending requests to the published server are located and the network on which the published server is located. Server publishing rules can also be used when the network rule between the client network and the network where the server is located defines a routing relationship. However, in this case, the clients must send requests directly to the IP address of the published server. Server publishing rules are not supported in a single network adapter configuration. After publishing the SQL Server computer at the firewall, configure the client computers to use the TCP protocol on port 1433. You can use the SQL Client Network Utility to configure the client computers. Alternatively, you can specify this in the SQL connection string.

Note:

For more information about server publishing, see Server Publishing Concepts.
By default, client requests that are forwarded by Forefront TMG to the published server appear to come from the IP address of the original client. In this case, the default gateway on the SQL Server computer must be set to the IP address of the network adapter on the Forefront TMG computer through which the SQL Server computer connects to it. As an alternative, you can configure your server publishing rule so that forwarded client requests will appear to come from the Forefront TMG computer on the To tab of the server publishing rule's properties.
Server publishing rules are typically used when there is a network address translation (NAT) relationship defined by a network rule between the network on which the clients sending requests to the published server are located and the network on which the published server is located. Server publishing rules can also be used when the network rule between the client network and the network where the server is located defines a routing relationship. However, in this case, the clients must send requests directly to the IP address of the published server.
Server publishing rules are not supported in a single network adapter configuration.
After publishing the SQL Server computer at the firewall, configure the client computers to use the TCP protocol on port 1433. You can use the SQL Client Network Utility to configure the client computers. Alternatively, you can specify this in the SQL connection string.

To publish a SQL Server computer

Related Topics

Concepts