CharlieBrown-6402 asked msrini-MSFT edited

SonicWall NAT to SQLMI

We are planning on connecting a Colo environment that has a requirement to have a dedicated IP to be used for its connectivity.

We have a site-to-site VPN established from the Colo to the SonicWall VPN appliance.

The colo internal IP 10.103.55.135 will be natted to <-NAT-> 10.93.172.4 <-NAT->, and once it hits our SonicWall appliance in Azure this NAT will need to be converted to our Azure network where SQLMI is running: 10.20.7.0/24 SQLMI (DEVELOPMENT).

Most of the time you would NAT a single IP, but since this is SQLMI that IP could change, therefore we need to reference the SQLMI instance by DNS name.

Question - If I NAT 10.93.172.4 to the SQLMI subnet 10.20.7.0/24 and the Colo tries to resolve the SQLMI over that natted 10.93.172.4 - will it be able to resolve?

azure-virtual-network

1 Answer

msrini-MSFT answered msrini-MSFT edited

Hi CharlieBrown-6402,

The SQL MI FQDN is mapped to the frontend IP of the Load Balancer, and when you do a DNS query you will always get the same frontend IP address. In your case, if the SQL MI FQDN points to the LB's IP of 10.93.172.4, then when you perform a DNS query for the SQL MI's FQDN you will always get the same IP.

Let me know if you have any questions post testing.


At the moment I don't have a Load Balancer deployed. Do I need to deploy an internal Load Balancer or does SQL MI deploy one automatically? I'm not seeing one deployed in my environment, so I assume that I need to deploy one. I also saw that SQLMI has what is called a service managed endpoint but does appear to be accessible for connectivity.

https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/management-endpoint-find-ip-address

When I do an nslookup of the SQLMI server it does return the gateway IP and an internal IP of 10.20.7.x - should I be able to use that internal address to NAT to? Also, if this is true then I should be able to connect to SQLMI directly with the SSMS tool to that 10.20.7.x address instead of the DNS string, correct?


The internal IP which you get is the ILB IP. Yes, you need to do a DNAT to that IP. If you connect via the SSMS tool, always use the FQDN, not the IP.


Question - So from my colo environment, if I create a DNS record with the SQL MI FQDN pointing to 10.93.172.4, this will then route to the SonicWall and then will be natted to 10.20.7.x and a connection will be made to the SQL MI service - does this sound correct?
