As part of the SQL server security hardening requirement, SQL Server may set to only allow TCP/IP protocol connection via Dynamic port.
A firewall rule on windows firewall is required for Windows Operation System later than version 2012.
I write a powershell script for this activity.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned $sqlpath = "C:\Program Files\Microsoft SQL Server\MSSQL11.VIRGILREPORTS\MSSQL\Binn\sqlservr.exe" New-NetFirewallRule -DisplayName "SQL Server Dynamic Port" -Direction Inbound -Program $sqlpath -Action Allow -Protocol TCP -Enabled True -Profile Domain
You may replace $sqlpath with the actual sql server installation location.
Normally application server/web server and the database are in the same domain. This rule will allow sql data engine to connect via TCP protocol from domain network.