Introduction

The LegalSuite API connects to the SQL Server database on the Client's Windows Server via HTTP (i.e. over the Internet) and therefore require certain settings and security measures in place to ensure that the API can communicate with your Server.

To enable the API to connect to the Server and to ensure the connection is secure, you will need to:

⚫ Open your firewall to allow the API to connect to your database

⚫ Ensure that your SQL Server settings are correct

⚫ Ensure you have the correct TLS version installed

⚫ Have a static IP Address

⚫ Forward Ports on your router.

Each of these steps are documented below. Please consult each step to ensure that you have all the correct settings and requirements to enable safe and secure communication with the LegalSuite API.

If you need help, please contact us at LegalSuite Support and we will be glad to assist.

1) Allowing access through your Firewall

To allow the LegalSuite API to access the LegalSuite database on your Server, you have to open the SQL port on your firewall and only allow traffic from the IP Address of the LegalSuite API's server.

The following guidelines apply to Windows 10, Windows 11 and Windows Server firewalls. If you are using an external firewall (e.g. Sophos or Netgate) you will need to consult its documentation to open the SQL port.

Step #1: Open the Windows Defender Firewall from the Control Panel.

Step #2: Click on 'Advanced Settings'.

Step #3: Click on 'Inbound Rules' and then right-click on 'Inbound Rules' and select 'New Rule'.

Step #4: Select Port and click on 'Next'.

Step #5: Select TCP and Specific local ports and type in 1433 at the Specific local ports.

Note: 1433 is the default port for incoming connections to the SQL database. If you are using a different port for SQL requests, enter that port number here.

Click on 'Next'

Step #6: Select Allow the Connection and click on Next:

Step #7: Make sure all three options (Domain, Private and Public) are ticked and then click on Next.

Step #8: Give the Inbound Rule a 'Name' and a 'Description'. For example: "LegalSuite API Port Forwarding" and a description such as "This connection allows LegalSuites API to connect to the SQL database". Click on 'Finish'.

You have now successfully created a new Inbound Rule on your firewall.

Step #9: To add the IP address of https://api.legalsuite.net to the inbound rule, right-click on the 'Inbound Rule' you created and click on 'Properties':

Step #10: Click on the 'Scope' tab and select 'These IP addresses' under the Remote IP address section and click on the 'Add button'.

Step #11: Type in the IP address of our API Server (13.245.221.84) and click on 'OK'.

Step #12: The IP address now appears in the list. Click on 'Apply' and then 'OK'

You have now successfully added the IP address of the LegalSuite API Server to your firewall which will allow SQL traffic from the API to access data from the Sql Server database.

2) SQL Settings

Once the traffic from the LegalSuite API is able to pass through your firewall, there are a number of settings that need to be enabled on the SQL Server instance itself to allow it to receive requests from remote connections. Please ensure the following settings have been configured on the SQL Server instance used by the LegalSuite program.

Step #1: Go to your Windows Start menu and open the SQL Server Configuration Manager.

Step #2: Ensure that the SQL instance is running (it will have a green play button if it is running).

Step #3: Click on 'Client Protocols' and ensure they are all enabled.

Note: If you have enabled any client protocols, you will have to restart the SQL Server for them to have effect.

Step #4: Expand SQL server network configuration – highlight the SQL instance being used. On the right – right click TCP/IP and choose Properties Click the IP addresses tab Scroll to the bottom and add 1433 into the TCP Port field

Step #5: Log in via Sql Server Management Studio and select the server type "Database Engine".

Step #6: Select "Browse for more..." from the drop down. Look for the SQL server instance you require under "Local Server".

Note: If "Local Server" is not displayed, you may be on the wrong server. Log in to the correct server using Windows authentication or as the sa user and you should now see "Local Server" displayed.

Step #7: Once you have connected to the Server, right click on the Server and select 'Properties'.

Step #8: Under the Security, make sure that "SQL Server and Windows Authentication mode" is enabled.

Step #8: Under Connections, make sure "Allow remote connections to this server" is enabled.

Step #9: Click 'OK'.

Note: You will need to restart SQL Server if you changed settings.

Step #10: Expand Security and then Logins and look for the SQL login for LegalSuite. if it's not there, you will need to add it.

Step #11: Check the following:

⚫ SQL Server Authentication must be selected.

⚫ Enforce Password policy must be OFF,

⚫ The Default Database must be the client's LegalSuite database.

Note: You must be logged into SQL Management Studio as the “sa” user to make any changes here.

Step #12: Click on "Server Roles" and ensure Sysadmin is ticked.

Step #13: Click on "User Mapping" and ensure:

⚫ The LegalSuite Database "Map" is ticked.

⚫ db_owner is ticked.

If all these settings are in place, the API should be able to access the LegalSuite database.

3) Static IP Address

The LegalSuite API needs to a specific IP address to be able to connect to and the IP Address needs to be static to ensure the API always connects to the same IP address at all times.

If your Server does not have a static IP Address you can either:

⚫ Request a static IP Address from your Internet Service Provider.

⚫ Setup a static IP Address using DynDNS.

Note: You are able to sign up for a free trial through this recommend service, but after that there is a yearly cost involved.

Creating a DynDNS account

Step #1: Go to DynDNS and create an account.

Step #2: Once Registered. Select "Add New Hostname".

Step #3: Enter the IP address of your Server.

Step #3: Confirm your details are correct.

Step #4: Once your DynDNS hostname has been setup, click on the 'Support' menu and then click on Download Update Client and install the downloaded program.

Note: The Update Client program will run in the background and ensure your DynDNS address is updated to your current IP address if it ever changes.

Once you have DynDns running on your Server, you can point the LegalSuite API to this DynDns Address to ensure a permanent connect as it will not change even if your actual IP Address changes.

4) Transport Layer Security (TLS)

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit and it is important to have the latest version of TLS installed to ensure communication between the API and the Server is secure.

TLS versions have been updated over time to improve Security, but it is has been identified that TLS versions prior to Version 1.3 have vulnerabilities that can be exploited by hackers. It is therefore important that you have TLS 1.2 or above running on your system.

How do I upgrade the TLS Version?

The easiest way is to ensure that your Windows and SQL Server have all the latest updates and patched installed. These upgrades should install the latest version of TLS.

If you have the latest Windows and SQL Server upgrades and patches and your server is still not using TLS Version 1.2 or higher, the steps to correct this depends on a number of factors including the version of TLS you have installed, your Windows Server version and your SQL Server version.

Please consult the following article which will help you troubleshoot the problem.

5) Port Forwarding

Port Forwarding is a way of making a computer on your network accessible to computers on the internet, this is done by opening a desired port and linking it to your Local IP on our Router.

The LegalSuite API needs to be able to connect to the computer your SQL Server is set up on, Using the NAT service on your router you are able to direct the requests made from our API to your SQL Server.

Each brand of router has there own steps in which you need to take to set up this port forwarding, however you can use this website guide to find the router you have and the steps you need to take.

How to check which ports are listening.

If you have followed all the steps above and you are still having trouble establishing a connection you can check if SQL is listening for a connection with this tool.

The TCP Viewer allows you to see what programs are listening or interacting on specific ports.

Download and run this program, add the desired port at the top on which SQL should be listening.

Conclusion

The above information should be sufficient to solve most issues and enable the LegalSuite API to connect to your Server.

If you have followed all the above steps and are still having problems, please contact us at LegalSuite Support and we will be glad to assist.