This article describes how to configure a Windows Firewall for Database Engine access in SQL Server by using SQL Server Configuration Manager. Firewall systems help prevent unauthorized access to computer resources. To access an instance of the SQL Server Database Engine through a firewall, you must configure the firewall on the computer running SQL Server to allow access.
For more information about the default Windows Firewall settings, and a description of the TCP ports that affect the Database Engine, Analysis Services, Reporting Services, and Integration Services, see Configure the Windows Firewall to Allow SQL Server Access. There are many firewall systems available. For information specific to your system, see the firewall documentation.
The principal steps to allow access are:
Configure the Database Engine to use a specific TCP/IP port. The default instance of the Database Engine uses port 1433, but that can be changed. The port used by the Database Engine is listed in the SQL Server error log. Instances of SQL Server Express, SQL Server Compact, and named instances of the Database Engine use dynamic ports. To configure these instances to use a specific port, see Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager).
Configure the firewall to allow access to that port for authorized users or computers.
Note
The SQL Server Browser service lets users connect to instances of the Database Engine that are not listening on port 1433 without knowing the port number. To use SQL Server Browser, you must open UDP port 1434. To promote the most secure environment, leave the SQL Server Browser service stopped, and configure clients to connect using the port number.
By default, Microsoft Windows enables the Windows Firewall, which closes port 1433 to prevent Internet computers from connecting to a default instance of SQL Server on your computer. Connections to the default instance using TCP/IP are not possible unless you open port 1433. The basic steps to configure the Windows firewall are provided in the following procedures. For more information, see the Windows documentation.
As an alternative to configuring SQL Server to listen on a fixed port and opening the port, you can list the SQL Server executable (Sqlservr.exe) as an exception to the blocked programs. Use this method when you want to continue to use dynamic ports. Only one instance of SQL Server can be accessed in this way.
Security
Opening ports in your firewall can leave your server exposed to malicious attacks. Make sure that you understand firewall systems before you open ports. For more information, see Security Considerations for a SQL Server Installation.
Using Windows Defender Firewall with Advanced Security
The following procedures configure the Windows Firewall by using the Windows Defender Firewall with Advanced Security Microsoft Management Console (MMC) snap-in. The Windows Defender Firewall with Advanced Security only configures the current profile. For more information about the Windows Defender Firewall with Advanced Security, see Configure the Windows Firewall to Allow SQL Server Access.
To open a port in the Windows Firewall for TCP access
On the Start menu, select Run, type WF.msc, and then select OK.
In the Windows Firewall with Advanced Security application, in the left pane, right-click Inbound Rules, and then select New Rule in the action pane.
In the Rule Type dialog box, select Port, and then select Next.
In the Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number of the instance of the Database Engine, such as 1433 for the default instance. Select Next.
In the Action dialog box, select Allow the connection, and then select Next.
In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then select Next.
In the Name dialog box, type a name and description for this rule, and then select Finish.
To open access to SQL Server when using dynamic ports
On the Start menu, select Run, type WF.msc, and then select OK.
In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound Rules, and then select New Rule in the action pane.
In the Rule Type dialog box, select Program, and then select Next.
In the Program dialog box, select This program path. Select Browse, and navigate to the instance of SQL Server that you want to access through the firewall, and then select Open. By default, SQL Server is at C:\Program Files\Microsoft SQL Server\MSSQLXX.MSSQLSERVER\MSSQL\Binn\Sqlservr.exe. Select Next. The MSSQLXX version will be specific to your version of SQL Server.
In the Action dialog box, select Allow the connection, and then select Next.
In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then select Next.
In the Name dialog box, type a name and description for this rule, and then select Finish.
See also
How to: Configure Firewall Settings (Azure SQL Database)
Open a port in the Windows Firewall for TCP access
In the Rule Type dialog box, select Port, and then select Next. In the Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number of the instance of the Database Engine, such as 1433 for the default instance. Select Next.
Ports used by the Database Engine. By default, the typical ports used by SQL Server and associated database engine services are: TCP 1433 , 4022 , 135 , 1434 , UDP 1434 .
Expand the Configuration Tools subfolder and right-click on SQL Server Configuration Manager. Click on Run as Administrator. Select SQL Server Network Configuration and click Protocols for SMTKINGDOM. In the right pane, right-click TCP/IP and click Enable.
In the Defender for Cloud menu, select Environment settings. Select the relevant subscription. On the Defender plans page, locate the Databases plan and select Select types. In the Resource types selection window, toggle the SQL servers on machines plan to On.
You can check TCP/IP connectivity to SQL Server by using telnet. For example, at the command prompt, type telnet 192.168.0.0 1433 where 192.168. 0.0 is the address of the computer that is running SQL Server and 1433 is the port it is listening on.
As we have already mentioned, the SQL Server Database Engine listens on port 1433 for the TCP/IP connections, and port 1434 is used for the UDP connections by default. However, if you are working with more than one SQL Server instance at the same time, you will have the default port numbers.
For example, if your server name is "MyServer" and the port number is "1234", you would use the following connection string: server=MyServer,1234;database=myDatabase;integrated security=true; When connecting with Microsoft SQL Server Management studio, enter port number with comma.
Change the port in the SQL Server Configuration Manager, and under the TCP/IP which has the layer of the IP v4 , v6 etc, and change the port accordingly.
Then, the port number is only changed on the TCP port level at the SQL configuration.
From the Object Explorer in Microsoft SQL Server Management Studio, right-click the desired Database and select Properties. Navigate to the Permissions page and select the desired User from the Users or roles list. From the Permissions for [username] list, grant the required explicit user permissions.
Select All programs and click Next. Select the Remote port (in this example, SMB: TCP 445), and then click Next. Select the ip addresses/ranges this rule applies to, and then click Next. Select Allow the connection if it is secure, and click Customize.
Address: Suite 751 871 Lissette Throughway, West Kittie, NH 41603
Phone: +2366831109631
Job: Sales Producer
Hobby: Creative writing, Motor sports, Do it yourself, Skateboarding, Coffee roasting, Calligraphy, Stand-up comedy
Introduction: My name is Laurine Ryan, I am a adorable, fair, graceful, spotless, gorgeous, homely, cooperative person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.
SQL Server