Configuring Windows Firewall for SQL Server

Alerts and notices

Leave feedback

Please rate this topic.

Excellent  |  Good  |  Average  |  Poor

Did you find the information you need?

Yes  |  No

Name (optional):

Leave this blank:

Please tell us how we can make this information more helpful.


Characters left:

To ensure that SQL based applications successfully connect to a remote instance of SQL Server on a machine that is running the Microsoft Windows Firewall, several exceptions must be configured.

Resolution

There are two ways to access Windows Firewall to modify its configuration. The first is by using the Standard Interface, which is accessed through Control Panel / Windows Firewall. Windows XP and Windows Server 2003 use only the Standard Interface.

The second is by using Windows Firewall with Advanced Security, which is accessed through Control Panel / Windows Firewall / Advanced Settings or through Control Panel / Administrative Tools / Windows Firewall with Advanced Security. For the required settings using each option, click the appropriate link below.

Note: When creating the application exceptions on a 64-bit Windows Operating System, the application path may use the Program Files (x86) directory instead of Program Files. This would occur if the SQL instance is 32-bit instead of 64-bit.

Four exceptions must be configured in Windows Firewall to allow access to SQL Server:

For Standard Windows Firewall:

  1. Open Control Panel and then open Windows Firewall.  Verify that the firewall is turned on and that Don't allow exceptions is not marked.
    SQL Firewall Standard 01
  2. Click on the Exceptions tab and click the Add Port button.  Enter the name "SQL Server TCP 1433", port number 1433 and select TCP below.  Then click OK to save the port exception.
    SQL Firewall Standard 02
  3. Click Add Port again and enter "SQL Server UDP 1434", port number 1434 and select UDP below.  Then click OK to save the port exception.
  4. Click Add Program and then Browse to select sqlservr.exe at this location: [C:\Program Files\Microsoft SQL Server\MSSQL10_50.<INSTANCE_NAME>\MSSQL\Binn\sqlservr.exe] where <INSTANCE_NAME> is the name of your SQL instance.  If you're working on a 64-bit computer, the sqlservr.exe will be in C:\Program Files (x86).
    SQL Firewall Standard 03
  5. Click Add Program again and then Browse to select sqlbrowser.exe at this location: [C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe].  If you're working on a 64-bit computer, the sqlbrowser.exe will be in C:\Program Files (x86).

For Windows Firewall with Advanced Security:

  1. Open Control Panel and then open Windows Firewall.  Click Advanced settings on the left side of the Windows Firewall window to open Windows Firewall with Advanced Security.
  2. Click Inbound Rules on the left side of the window and then New Rule on the right side.
    SQL Firewall Advanced 01
  3. In the New Inbound Rule Wizard dialog, use the following information to create a port exception:

    •Select Port
    •Select TCP and specify port 1433
    •Allow the connection
    •Choose all three profiles (Domain, Private & Public)
    •Name the rule "SQL Server TCP 1433"
  1. Click New Rule again and use the following information to create another port exception:

    •Select Port
    •Select UDP and specify port 1434
    •Allow the connection
    •Choose all three profiles (Domain, Private & Public)
    •Name the rule "SQL Server UDP 1434
  1. Click New Rule again and use the following information to create a program exception:

    •Select Program
    •Click Browse to select 'sqlservr.exe' at this location: [C:\Program Files\Microsoft SQL Server\MSSQL10_50.<INSTANCE_NAME>\MSSQL\Binn\sqlservr.exe] where <INSTANCE_NAME> is the name of your SQL instance.  If you're working on a 64-bit computer, the sqlservr.exe will be in C:\Program Files (x86).
    •Allow the connection
    •Choose all three profiles (Domain, Private & Public)
    •Name the rule sqlservr.exe
  2. Click New Rule again and use the following information to create another program exception:

    •Select Program
    •Click Browse to select sqlbrowser.exe at this location: [C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe].  If you're working on a 64-bit computer, the sqlbrowser.exe will be in C:\Program Files (x86).
    •Allow the connection
    •Choose all three profiles (Domain, Private & Public)
    •Name the rule sqlbrowser.exe

Share This