Windows Firewall Configuration for SQL Applications in CS Professional Suite

Alerts and notices
Leave feedback

Internal Employees: Submit feedback

Contact information (optional):

Leave this blank:

Please tell us how we can make this information more helpful.


Characters left:

To ensure that SQL based applications successfully connect to a remote instance of SQL Server on a machine that is running the Microsoft Windows Firewall, several exceptions must be configured.

Note: If you are utilizing a firewall other than Windows Firewall, please make the port and program exceptions referenced below in accordance with your firewall provider's settings.

To modify the Windows Firewall configuration, you can access  Windows Firewall with Advanced Security through Control Panel > Windows Firewall > Advanced Settings or through Control Panel > Administrative Tools > Windows Firewall with Advanced Security. For the required settings using each option, click the appropriate link below.

Note: When creating the application exceptions on a 64-bit Windows Operating System, the application path may use the Program Files (x86) directory instead of Program Files. This would occur if the SQL instance is 32-bit instead of 64-bit.

  1. Configure the following exceptions in Windows Firewall to allow access to SQL Server.
    • A port exception for TCP Port 1433
    • A port exception for UDP Port 1434
    • A program exception for sqlservr.exe
    • A program exception for sqlbrowser.exe
  2. Open Control Panel and then open Windows Firewall.  Click Advanced settings on the left side of the Windows Firewall window to open Windows Firewall with Advanced Security.
  3. Click Inbound Rules on the left side of the window and then New Rule on the right side.
  4. In the New Inbound Rule Wizard dialog, use the following information to create a port exception.
    • Select  Port
    • Select  TCP and specify port  1433
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule "SQL Server TCP 1433"
  5. Click New Rule again and use the following information to create another port exception.
    • Select Port
    • Select UDP and specify port 1434
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule "SQL Server UDP 1434"
  6. Click New Rule again and use the following information to create a program exception.
    • Select Program
    • Click Browse to select sqlservr.exe at the applicable location. Show me.
      • If SQL Server is installed by a CS Professional Suite application: C:\Program Files\Microsoft SQL Server\MSSQL[SQLVersion]<INSTANCE_NAME>\MSSQL\Binn\
      • If a 32-bit version of SQL Server is installed on a 64-bit operating system: C:\Program Files (x86)\Microsoft SQL Server\MSSQL[SQLVersion]<INSTANCE_NAME>\MSSQL\Binn\
      • If a 64-bit version of SQL Server is installed on a 64-bit operating system: C:\Program Files\Microsoft SQL Server\MSSQL[SQLVersion]<INSTANCE_NAME>\MSSQL\Binn\
      • If a 32-bit version of SQL Server is installed on a 32-bit operating system: C:\Program Files\Microsoft SQL Server\MSSQL[SQLVersion]<INSTANCE_NAME>\MSSQL\Binn\

        Note: Where <INSTANCE_NAME> is the name of your SQL instance, and [SQLVersion] refers to the following:

      • 10 = SQL Server 2008
      • 10.5 = SQL Server 2008 R2
      • 11 = SQL Server 2012
      • 12 = SQL Server 2014
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule sqlservr.exe
  7. Click New Rule again and use the following information to create another program exception.
    • Select  Program
    • Click  Browse to select sqlbrowser.exe at this location: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe.  If you're working on a 64-bit computer, the sqlbrowser.exe will be in C:\Program Files (x86).
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule sqlbrowser.exe

Note: If connecting a named instance through a firewall, you may need to configure the Database engine to listen to a specific port, so that port can be opened in the firewall. For more information, refer to the following Microsoft topic. 

This icon appears alongside links to resources that are not developed or maintained by Thomson Reuters. We provide access to these resources for your convenience, but we are not responsible for their accuracy. If you need additional assistance, please consult your qualified technician and/or the vendor who developed the resource.

Share This