Reverse-Proxy "Access Portal" and SQL 1433

Spent a ton of money getting the Access Portal on a T40 WG so we can "Reverse Proxy" some inbound 1433 Traffic but when I got the box all setup I don't seem to see anywhere we can do this and it seems very limited. I just assumed that a Reverse Proxy would allow you to Reverse Proxy any port needed.

Anyone know about this or am I going to have to build an NGINX Server????

Comments

  • You can have external users authenticate to the firewall prior to being able to access internal devices using RDP or similar.

    Review this:
    Firewall Authentication
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/firewall_auth_c.html

  • Should you wish to chose this option, you can add authentication user IDs and/or groups to policies in the From: field
    Users would need to authenticate to the firewall using HTTPS on port 4100, and then launch their restricted access, such as RDP.

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @Cowlitz

    Reverse proxy is an access portal feature that's designed to protect internal webpages by proxying them via the firewall via the access portal feature (which also requires the user to authenticate via that feature.) Reverse Proxy is used for HTTP and HTTPS webpages. Reverse proxy isn't going to know what to do with a straight SQL connection.

    As Bruce mentioned, you can set up the authentication portal along with some policies that allow the user(s) to authenticate to the firewall using the authentication page on port 4100. This doesn't encrypt the traffic in any way, but does help protect the SQL server itself. Another option would be to set up one of the VPN options and have the users authenticate to the VPN in order to access the SQL server.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.