CloudSQL proxy & corp firewall question


Scott Ertel

Dec 6, 2018, 9:59:50 AM
to Google Cloud SQL discuss
Our corp firewall is blocking outbound connections to port 3307. The security team is willing to work with me on opening it up, but they want to open it up to only specific IPs or ranges.

Does anyone know of the hosts that would need to be allowed? I'm assuming it's by zone.

Katayoon (Cloud Platform Support)

Dec 7, 2018, 11:42:27 AM
to Google Cloud SQL discuss
Hi Scott,

When you connect using TCP, you only need to ensure outgoing TCP (3306) on remote port 3307 is allowed; however, you can specify another port for it to use as well.


Scott Ertel

Dec 29, 2018, 1:08:44 PM
to google-cloud...@googlegroups.com
That doesn't help. I need to know what IPs the SQL proxy server uses to whitelist. My security team will not open the port to all IPs.


diogoa...@google.com

Jan 4, 2019, 9:37:07 AM
to Google Cloud SQL discuss
Hello,

Not having to whitelist IP addresses is a benefit of using the Cloud SQL proxy. The details on how the proxy works and connects to the instance are transparent. As Cloud SQL proxy does not disclose its IP address(es) for you to whitelist, I suggest you consider other alternatives, like Private IPs. However, note that Private IP access to Cloud SQL instances only works from Compute Engine or Google Kubernetes Engine instances.

Another alternative is to enable the Cloud SQL instance public IP address and use SSL to keep data secure.

Please check all the alternatives available to connect to Cloud SQL in this document. It will help you choose the best option for your use case.

