SonicWall NAT to SQLMI

Question

SonicWall NAT to SQLMI

Charlie Brown 396

We are planning on connecting a Colo environment that has a requirement to have a dedicate IP to be used for its connectivity.

We have a site to site vpn established from Colo to SonicWall VPN Appliance

The colo internal IP 10.103.55.135 will be natted to <-NAT-> 10.93.172.4 <-NAT-> and once its hits our SonicWall appliance in Azure this NAT will need to be converted to our Azure network where SQLMI is running 10.20.7.0\24 SQLMI (DEVELOPMENT)

Most of the time you would NAT a single IP but since this is SQLMI that ip could change therefore need to reference by DNS name for the SQLMI instance.

Question - If I NAT 10.93.172.4 to the SQLMI Subnet 10.20.7.0\24 and if the Colo tries to resolve the SQLMI over that natted 10.93.172.4 - will it be able to resolve?

Charlie Brown 396 Reputation points

2021-05-05T12:36:46.38+00:00

At the moment I don't have a Load Balancer deployed. Do I need to deploy a internal Load Balancer or does SQL MI deploy one automatically? I'm not seeing one deployed in my environment so I assume that I need to deploy. I also saw that SQLMI has what is called a service managed endpoint but does appear to be accessible for connectivity.

https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/management-endpoint-find-ip-address

When I do a nslookup of the sqlmi server it does return the gateway ip and an internal ip of 10.20.7.x - should i be able to use that internal address to NAT to? Also if this is true then i should be able to connect to SQLMI directly with SSMS tool to that 10.20.7.x address also instead of the dns string correct?

1 answer

Your answer

Charlie Brown 396 Reputation points

2021-05-05T12:36:46.38+00:00

At the moment I don't have a Load Balancer deployed. Do I need to deploy a internal Load Balancer or does SQL MI deploy one automatically? I'm not seeing one deployed in my environment so I assume that I need to deploy. I also saw that SQLMI has what is called a service managed endpoint but does appear to be accessible for connectivity.

https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/management-endpoint-find-ip-address

When I do a nslookup of the sqlmi server it does return the gateway ip and an internal ip of 10.20.7.x - should i be able to use that internal address to NAT to? Also if this is true then i should be able to connect to SQLMI directly with SSMS tool to that 10.20.7.x address also instead of the dns string correct?

Answer 1

msrini-MSFT 9,291 Microsoft Employee

Hi CharlieBrown-6402,

The SQL MI FQDN is mapped to the frontend IP of the Load Balancer and when you do a DNS query you will always get the same Frontend IP address. In your case, if the SQL MI FQDN points to the LB's IP of 10.93.172.4, the when you perform DNS query to the SQL MI's FQDN you will always get the same IP.

Let me know if you have any questions post testing.

Charlie Brown 396 Reputation points

2021-05-05T12:36:46.38+00:00

At the moment I don't have a Load Balancer deployed. Do I need to deploy a internal Load Balancer or does SQL MI deploy one automatically? I'm not seeing one deployed in my environment so I assume that I need to deploy. I also saw that SQLMI has what is called a service managed endpoint but does appear to be accessible for connectivity.

https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/management-endpoint-find-ip-address

When I do a nslookup of the sqlmi server it does return the gateway ip and an internal ip of 10.20.7.x - should i be able to use that internal address to NAT to? Also if this is true then i should be able to connect to SQLMI directly with SSMS tool to that 10.20.7.x address also instead of the dns string correct?
msrini-MSFT 9,291 Reputation points Microsoft Employee

2021-05-05T14:35:41.1+00:00

The Internal IP which you get is the ILB IP. Yes, you need to do a DNAT to that IP. If you connect via SSMS tool, always use the FQDN not the IP.
Charlie Brown 396 Reputation points

2021-05-05T17:34:22.033+00:00

Question - So from my colo environment if I create a DNS record with the SQL MI FQDN pointing to 10.93.172.4 this will then route to sonic wall and then will be natted to 10.20.7.x and a connection will be made to the sql mi service - does this sound correct?
msrini-MSFT 9,291 Reputation points Microsoft Employee

2021-05-06T04:51:00.677+00:00

Sounds good to me. Try and let me know if you face any issues post testing

Share via

SonicWall NAT to SQLMI

1 answer

Your answer