
firewall is blocking UDP traffic to port 1434 SAP Java for SRM

geo_delvalle
Discoverer

Hi admins.

I have a problem in a distributed SAP NetWeaver system. It's a Java system for SRM. We installed antimalware software on the database server and turned on the antimalware firewall; since that moment the application does not respond (the application lives on another server). We ran a test and turned off the firewall, and the application was able to connect to the database.

We created rules to exclude ports from blocking, but we still have a problem connecting the app to the database.

--------------
Type | Port | Description
TCP | 1434 | SQL Admin Connection
TCP | 2382 | SQL TCP Browser
TCP | 1433 | SQL Server
TCP | 49172 | SQL Dynamic
TCP | 135 | SQL Debugger
TCP | 4022 | SQL Service Broker
TCP | 80 | CLEAR_PORT traffic
TCP | 443 | SSL_PORT traffic endpoint
TCP | 2383 | Analysis Services
UDP | 1434 | SQL UDP Browser
UDP | 500 | IPsec traffic
UDP | 4500 | IPsec traffic
-----------------

This is the log of the SAP Java server:

Text: Exception of type com.sap.sql.log.OpenSQLException caught: Exception of type com.microsoft.sqlserver.jdbc.SQLServerException caught: The connection to the host --------, named instance --- failed. Error: "java.net.SocketTimeoutException: Receive timed out (local port ----- to address 0.0.0.0, remote host unknown)". Verify the server and instance names and check that no firewall is blocking UDP traffic to port 1434. For SQL Server 2005 or later, verify that the SQL Server Browser Service is running on the host.

The database is SQL Server.

Can you help me if I need to exclude other ports?

Regards.

clas_hortien
Advisor

Hi,

When you have a named instance, the client driver uses UDP port 1434 to connect to the SQL Server Browser service on the target instance to get the port number of the named instance. This port number is dynamic by default, but can be set to a static one using the SQL Server Configuration Manager. In your case it would make sense to set a static port number (e.g. 50001) for the instance, reboot the instance and open the port in the firewall. With this static port you can avoid using the Browser service and UDP port 1434 altogether by changing the connection string from

server=<Hostname\NamedInstance>

to

server=<Hostname,Portnumber>

So the client driver already knows the port, and the Browser service and the UDP port are not needed.

Regards

Clas
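
The lookup described in the answer above, as an added example that is not part of the thread or of any SAP or Microsoft tooling: it sends the same single-instance request to UDP 1434 that a client driver sends for `Hostname\NamedInstance`, decodes the Browser reply, and builds the `Hostname,Portnumber` value. The host `DBHOST`, instance `SRM`, version string and the sample reply are constructed; port 50001 is the example port from the answer.

```python
import socket
import struct

SSRP_PORT = 1434          # SQL Server Browser listens here (UDP)
CLNT_UCAST_INST = 0x04    # request: "describe this one named instance"
SVR_RESP = 0x05           # first byte of the Browser's reply


def parse_browser_reply(data: bytes) -> dict:
    """Decode a Browser reply: 0x05, 2-byte LE length, 'key;value;...;;'."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not a SQL Server Browser response")
    (length,) = struct.unpack_from("<H", data, 1)
    body = data[3:3 + length]
    if len(body) != length:
        raise ValueError("truncated response")
    fields = body.decode("ascii", "replace").rstrip(";").split(";")
    return dict(zip(fields[0::2], fields[1::2]))


def static_server_value(host: str, info: dict) -> str:
    """Build the Hostname,Portnumber form, which needs no Browser lookup."""
    port = int(info["tcp"])   # KeyError means TCP/IP is not enabled for the instance
    return f"server={host},{port}"


def resolve_instance(host: str, instance: str, timeout: float = 3.0) -> dict:
    """Ask the Browser service for the instance's port, as the driver does."""
    request = bytes([CLNT_UCAST_INST]) + instance.encode("ascii") + b"\x00"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, SSRP_PORT))
        # A timeout here is the "Receive timed out" case from the log:
        # UDP 1434 (or the reply) is filtered, or the Browser is stopped.
        data, _ = s.recvfrom(4096)
    return parse_browser_reply(data)


def sample_reply() -> bytes:
    """Constructed reply for a hypothetical instance SRM on host DBHOST."""
    body = (b"ServerName;DBHOST;InstanceName;SRM;IsClustered;No;"
            b"Version;13.0.4001.0;tcp;50001;;")
    return bytes([SVR_RESP]) + struct.pack("<H", len(body)) + body


if __name__ == "__main__":
    info = parse_browser_reply(sample_reply())
    print(info["InstanceName"], "->", static_server_value("DBHOST", info))
```

Running `resolve_instance` from the application server with the antimalware firewall on and off shows whether the UDP exchange itself is what is being dropped.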