Connecting to SQL Server over the Internet
If your client and server are connected to the Internet, you can use the Internet to connect to an instance of the Microsoft SQL Server Database Engine using SQL Server Management Studio or a client application based on OLE DB, or Open Database Connectivity (ODBC).
To share data over the Internet, you must use the TCP/IP Net-Libraries, and ensure that TCP/IP support is enabled. If the server is registered with Domain Name System (DNS), you can connect using its registered name.
Although an Internet connection is less secure than a Microsoft ISA Server connection, using a firewall or an encrypted connection, as described below, helps keep sensitive data secure.
Using a Firewall System with the SQL Server Database Engine
Many companies use a firewall system to isolate their networks from unauthorized access from the Internet. A firewall can be used to restrict access to your network by forwarding only requests targeted at specific TCP/IP addresses in the local network. Requests for all other network addresses are blocked by the firewall. You can allow Internet applications to access an instance of the SQL Server Database Engine in the local network by configuring the firewall to forward network requests that specify the network address of the instance of the Database Engine.
To work with a firewall, the instance of the Database Engine must listen on the network address that the firewall is configured to forward. A TCP/IP network address for SQL Server Database Engine consists of two parts: an IP address associated with one or more network cards in a computer, and a TCP port address specific to an instance of SQL Server. Default instances of the Database Engine use TCP port 1433 by default. Named instances, however, dynamically assign an unused TCP port number the first time the instance is started. The named instance can also dynamically change its TCP port address on a later startup if the original TCP port number is being used by another application. SQL Server only dynamically changes to an unused TCP port if the port it is currently listening on was itself dynamically selected; if a statically assigned port is in use by another application, SQL Server displays an error and continues to listen on other ports. It is unlikely, however, that another application would use 1433 since that port is a well-known registered address for the SQL Server Database Engine.
When using a named instance of Database Engine with a firewall, use SQL Server Configuration Manager to configure the named instance to listen on a specific TCP port. You must pick a TCP port that is not used by another application running on the same computer or cluster. For a list of well-known ports registered for use by various applications, go to the Internet Assigned Numbers Authority Web site at http://www.iana.org.
The network administrator should configure the firewall to forward communication to SQL Server for the IP address and TCP port that the instance of the Database Engine is listening on (either TCP port 1433 for a default instance, or the TCP port you configured for a named instance). Also, because Microsoft SQL Server 2005 uses UDP port 1434 to establish communications links from applications, have the network administrator configure the firewall to forward requests for UDP port 1434 on the same IP address. For more information about UDP port 1434, see SQL Server Browser Service.
For example, consider a computer running one default instance and two named instances of the SQL Server Database Engine. The computer is configured such that the network addresses that the three instances listen on all have the same IP address. The default instance would listen on TCP port 1433, while the other named instances could listen on TCP ports 1434 and 1954, respectively. The network administrator would then configure the firewall to forward network requests for UDP port 1434 and TCP ports 1433, 1434, and 1954 on that IP address.