Question

I'm using Windows 2008 R2 with IIS 7.5 (default config) trying to configure my firewall to block all outgoing connections, to prevent malicious attacks from "phoning home".

What outgoing rules do I need to create to enable the web application to connect to SQL Server default instance? The SQL server is under my control and it's running port 1433 for sure.

The webserver works fine. But the connect to DB step fails.

When I ping the SQL Server 2012 from the web server, I get the following:

    Pinging xxx.0.0.xxx with 32 bytes of data:
    General failure.
    General failure.
    General failure.
    General failure.

I have already tried the following:

  1. Created an outbound rule for port 1433 for w3wp.exe for port 1433
  2. Created an outbound rule for WWWPublishing service for port 1433
  3. When the above failed, I created an outbound rule for ALL programs and applications for 1433, still no go.
  4. When all failed, I tried to enable ALL the included rules in the list, still didn't help
  5. Tried connection string with data source=xxx.0.0.xxx and data source=xxx.0.0.xxx,1433 both worked with outbound allowed, and both failed when outbound is blocked.
  6. Created a new rule to enable RPC, so I created a rule for all TCP traffic for services.exe

The only way to get it to connect, is to change the default behavior for the firewall to Allow outgoing traffic.

Just to reiterate, the only connection that is failing is web-server-> sql server.

Internet to Web server is fine.

Which port/program am I missing?

Solution

1433 is the port your remote machine listens on, not the outgoing port of the clients.

Outgoing ports are dynamically assigned by the OS.

Go on a process basis.

An outbound rule All Ports of w3wp to 1433 works.
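The rule described in the answer, written out with `netsh advfirewall` as an added example (not part of the original answer). The rule names and the SQL Server address `192.0.2.10` are placeholders, and the `w3wp.exe` path assumes a default IIS 7.5 install.

```batch
@echo off
rem Added example; run from an elevated Command Prompt.
rem SQL_IP is a placeholder address (constructed); set it to the SQL Server.
set "SQL_IP=192.0.2.10"

rem A rule of this shape does NOT match SQL client traffic: it pins the
rem client's local (source) port to 1433, but the OS picks an ephemeral
rem source port for each outgoing connection.
rem   netsh advfirewall firewall add rule name="w3wp local 1433" dir=out ^
rem     action=allow protocol=TCP localport=1433

rem Matching rule: any local port, remote port 1433, scoped to the IIS
rem worker process and to the SQL Server address only.
netsh advfirewall firewall add rule name="IIS w3wp to SQL Server 1433" ^
  dir=out action=allow protocol=TCP ^
  program="%SystemRoot%\System32\inetsrv\w3wp.exe" ^
  localport=any remoteport=1433 remoteip=%SQL_IP% profile=any

rem 32-bit application pools run w3wp.exe from SysWOW64 and need their own rule.
netsh advfirewall firewall add rule name="IIS w3wp (32-bit) to SQL Server 1433" ^
  dir=out action=allow protocol=TCP ^
  program="%SystemRoot%\SysWOW64\inetsrv\w3wp.exe" ^
  localport=any remoteport=1433 remoteip=%SQL_IP% profile=any

rem With the allow rules in place, make outbound default-deny on all profiles.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Check what was stored: LocalPort should read Any, RemotePort 1433.
netsh advfirewall firewall show rule name="IIS w3wp to SQL Server 1433" verbose
```

Ping uses ICMP, so it is not covered by these TCP rules and is not a valid test of the SQL connection while outbound traffic is blocked by default.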

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow