Configuring Windows Firewall for SQL Server

Alerts and notices

Leave feedback

Please rate this topic.

Excellent  |  Good  |  Average  |  Poor

Did you find the information you need?

Yes  |  No

Name (optional):

Leave this blank:

Please tell us how we can make this information more helpful.


Characters left:

To ensure that SQL based applications successfully connect to a remote instance of SQL Server on a machine that is running the Microsoft Windows Firewall, several exceptions must be configured.

Resolution

To modify the Windows Firewall configuration, you can access Windows Firewall with Advanced Security through Control Panel > Windows Firewall > Advanced Settings or through Control Panel > Administrative Tools > Windows Firewall with Advanced Security. For the required settings using each option, click the appropriate link below.

Note: When creating the application exceptions on a 64-bit Windows Operating System, the application path may use the Program Files (x86) directory instead of Program Files. This would occur if the SQL instance is 32-bit instead of 64-bit.

  1. Configure the following exceptions in Windows Firewall to allow access to SQL Server.
    • A port exception for TCP Port 1433
    • A port exception for UDP Port 1434
    • A program exception for sqlservr.exe
    • A program exception for sqlbrowser.exe
  2. Open Control Panel and then open Windows Firewall.  Click Advanced settings on the left side of the Windows Firewall window to open Windows Firewall with Advanced Security.
  3. Click Inbound Rules on the left side of the window and then New Rule on the right side.
    SQL Firewall Advanced 01
  4. In the New Inbound Rule Wizard dialog, use the following information to create a port exception.
    • Select Port
    • Select TCP and specify port 1433
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule "SQL Server TCP 1433"
  5. Click New Rule again and use the following information to create another port exception.
    • Select Port
    • Select UDP and specify port 1434
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule "SQL Server UDP 1434
  6. Click New Rule again and use the following information to create a program exception.
    • Select Program
    • Click Browse to select 'sqlservr.exe' at this location: [C:\Program Files\Microsoft SQL Server\MSSQL10_50.<INSTANCE_NAME>\MSSQL\Binn\sqlservr.exe] where <INSTANCE_NAME> is the name of your SQL instance.  If you're working on a 64-bit computer, the sqlservr.exe will be in C:\Program Files (x86).
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule sqlservr.exe
  7. Click New Rule again and use the following information to create another program exception.
    • Select Program
    • Click Browse to select sqlbrowser.exe at this location: [C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe].  If you're working on a 64-bit computer, the sqlbrowser.exe will be in C:\Program Files (x86).
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule sqlbrowser.exe

Share This