Accessing SQL Monitor through a firewall
Published 03 December 2012
If you are unable to view the SQL Monitor web page, and your browser displays a "cannot connect" type message, then you may need to check that SQL Monitor is not being blocked by the firewall on the web server machine.
If possible, install the Base Monitor on a server that does not need to go through a firewall to access the SQL Servers you want to monitor. If your network configuration prevents this, then we recommend that you use a VPN link between the Base Monitor and the monitored SQL Servers.
If your organization uses Network Address Translation (NAT), then you may not be able to monitor SQL Servers that are subject to it.
To allow access to SQL Monitor through the firewall, follow the steps below.
Allow access to TCP ports and WMI
SQL Monitor requires access to:
- TCP port 135 used by the Remote Procedure Call (RPC) service. Also make sure that the remote registry service is started on the server.
- TCP port 445 used by the Server Message Block (SMB) service that allows remote file access.
- TCP port 1433 used as the default registered address for the SQL Server Database Engine. If your SQL Server uses a different TCP configuration, use that port number instead.
- WMI. You will need to configure each server you want to monitor separately. See the following:
Connecting Through Windows Firewall
Setting Namespace Security with the WMI Control
For XP, Vista and Windows Server 2003 and 2008
- Open the Control Panel on the machine where you installed the SQL Monitor Web Server.
- Go to Security Center and click Windows Firewall.
- Click Change settings.
- Under Exceptions, click Add port and then enter a name and the port number.You can use any name to identify that this exception is for SQL Monitor.
The port number should be your SQL Monitor web server port number, specified during installation; this is 8080 by default. - Click OK.
For Windows 7
- On the machine where you installed the SQL Monitor Web Server, open Windows Firewall with Advanced Security:
- Type "Firewall" into the Search programs and files box, or
- From the Control Panel, select System and Security then Windows Firewall then Advanced settings.
- Click Inbound Rules.
- Click New Rule.
- Select Port as the type of rule you want to create, then click Next.
- Choose TCP as the port type, then under Specific local ports, enter the SQL Monitor port number.
Your SQL Monitor web server port number is specified during installation; this is 8080 by default. - Click Next, then select Allow the connection.
- Click Next, then choose the type of profile to apply the rule to.
- Click Next, then enter a name to identify that this exception to your firewall is for SQL Monitor.
- Click Finish.
Further information
For XP, see the following Microsoft KB article: http://support.microsoft.com/kb/842242
For Windows 7, see the following Microsoft article: http://windows.microsoft.com/en-us/windows7/Allow-a-program-to-communicate-through-Windows-Firewall