How to Secure ZappySys Data Gateway (Network Settings)

Introduction

In our previous article we explored several powerful features of the ZappySys Data Gateway. This follow‑up post focuses on keeping the gateway secure. You’ll learn about the new options available in the Network Settings tab, how to restrict access by IP address, and how to grant dataset‑level permissions to non‑admin users.

Network Settings Overview

The Network Settings tab contains filters that control which clients can connect to the gateway. Two common scenarios are addressed below: allowing a range of IP addresses, or permitting only a single IP address.

If your connection still fails even after opening port 5000, a third-party firewall is very likely blocking it.

The “Add Firewall Rule” option only creates a rule in Windows Defender Firewall and does not configure rules in third-party security software.

Common symptoms of this issue include:

• Login timeout or connection timeout errors
• OPENQUERY or Linked Server failing to connect
• Port appears open in Windows Firewall but connection still fails

Third-Party Firewall Blocking Gateway Connection

When you click “Add Firewall Rule” in ZappySys Data Gateway, the rule is added to Windows Defender Firewall to allow inbound traffic on the configured port (default: 5000).

In environments with third-party security software, this alone may not be sufficient.

Why?

If your system is using third-party security software (such as ESET Endpoint Security, McAfee, Symantec, etc.), Many enterprise antivirus tools include their own firewall, which takes priority over or replaces Windows Defender Firewall.
For example, in one case, the rule was added successfully in Windows Firewall, but traffic was still blocked by ESET Endpoint Security. Once the ESET firewall was paused, the connection worked immediately.
In such cases:

• Windows Defender rules may be ignored
• Traffic can still be blocked even if the port is open in Windows Firewall
• Connection attempts (e.g., Linked Server, ODBC queries) may fail with timeout errors

What to check

If you are unable to connect even after adding the firewall rule:

• Verify whether any third-party firewall/antivirus is installed
• Temporarily disable or pause it for testing
• If the connection works after disabling, then the traffic is being blocked by that software

How to fix

To resolve this issue:

• Add an inbound allow rule in your third-party firewall for the Gateway port (default: 5000)
• Ensure the rule allows traffic from the required source machines
• Ensure both inbound and outbound rules are allowed if required by your network policy
• Ensure rules are applied under the correct network profile (Domain / Private / Public)
• Contact your network/security administrator if needed

Test connectivity

You can verify if the port is reachable using PowerShell:

If TcpTestSucceeded = False, the port is still blocked by a firewall or network security layer.

Note

⚠️ Important: Opening a port in Windows Defender Firewall alone does not guarantee connectivity if a third-party firewall is active.

IP Range Filter

1. Ensure you have installed the ZappySys ODBC PowerPack with the default options (this also installs the Data Gateway Service).
2. Open the gateway configuration app by typing “Gateway” in the Start menu and selecting ZappySys Data Gateway Configuration.
   

   Open ZappySys Data Gateway

3. Assuming the other tabs are already configured the way you want, switch to Network Settings.
4. Click the Edit IP Filters button (see screenshot below):
   

   Range IP Filters Network Settings for Data Gateway

5. In the IP Filters dialog, set Enabled to true, then supply the From and To addresses that define the permitted range:

Single range example:

Multiple ranges example:

6. Save the dialog, then click OK to apply the settings. Only clients whose IP addresses fall within the defined ranges will be allowed.

Single IP Filter

1. Repeat steps 1‑3 from the previous section.
2. Open the IP Filters dialog and enable it.
3. Enter the same value for the From and To fields to restrict access to one address.
4. Save and close the dialog; only that address may connect to the gateway.

Specific IP Filter Network Settings for Data Gateway.

Note: once any filter rule is enabled, all other addresses are automatically blocked.

User‑Based Permissions

You can further limit access by granting specific users permission to individual data sources. This is useful when you want to allow non‑admin users to consume only certain datasets.

1. Make sure the user(s) exist on the Users tab and that they are not assigned administrator rights.
2. Switch to the Datasets tab.
3. Find the row for the data source you wish to secure and click Edit in the Users column.
4. In the dialog that appears, select one or more users on the left pane and click the [ >> ] button to move them to the right pane.
5. Choose the desired permission type (for example, Full permission).
   

   Set Dataset User Permissions – ZappySys Data Gateway

6. Click OK to save the changes.
7. Restart the Data Gateway service to ensure the new permissions take effect.

Conclusion

In this article we reviewed several ways to harden the ZappySys Data Gateway. The network filters let you restrict connections to either a specific IP address or a range of addresses. The new user‑based permissions allow you to grant dataset access to individual users. Together these features make your gateway more secure and easier to manage.

If you haven’t yet installed the gateway, download it here to get started.