201908 – PS – Firewall rule for SQL server running on Dynamic Port

As part of the SQL Server security hardening requirement, SQL Server may be configured to accept TCP/IP connections only on a dynamic port.

A Windows Firewall rule is required for this on Windows operating systems later than version 2012.

I wrote a PowerShell script for this task.

# Allow locally written scripts to run (only needed once if the policy is still Restricted)
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
# Path to the database engine executable of the instance (here the named instance VIRGILREPORTS)
$sqlpath = "C:\Program Files\Microsoft SQL Server\MSSQL11.VIRGILREPORTS\MSSQL\Binn\sqlservr.exe"
# Program-scoped rule: allows inbound TCP to sqlservr.exe on whatever port it is listening on, Domain profile only
New-NetFirewallRule -DisplayName "SQL Server Dynamic Port" -Direction Inbound -Program $sqlpath -Action Allow -Protocol TCP -Enabled True -Profile Domain

Replace $sqlpath with the actual SQL Server installation path of your instance.

Normally the application server/web server and the database are in the same domain. Because the rule is scoped to the program rather than to a fixed port, it allows inbound TCP connections to the SQL Server database engine from the Domain network profile regardless of which dynamic port the engine picks at startup.
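The following is an added example, not the script from the post above: it resolves the path of sqlservr.exe from the registered Windows service instead of hard-coding it, creates the same program-scoped rule only if it does not already exist, narrows the rule to an application-server subnet, and reads back what the rule actually allows. The instance name VIRGILREPORTS is taken from the post; the subnet 10.0.0.0/24 and the parameter names are constructed placeholders for this example.

```powershell
# Added example (not the original post's script).
# Assumes the named instance VIRGILREPORTS from the post; the subnet 10.0.0.0/24 is a
# constructed placeholder for the application/web server network.
param(
    [string]$InstanceName    = 'VIRGILREPORTS',
    [string]$RuleName        = 'SQL Server Dynamic Port',
    [string[]]$RemoteAddress = @('10.0.0.0/24')   # constructed placeholder: your app-server subnet
)

# 1. Resolve the engine binary from the registered service rather than hard-coding the path.
#    The default instance service is MSSQLSERVER; named instances are MSSQL$<name>.
$serviceName = if ($InstanceName -eq 'MSSQLSERVER') { 'MSSQLSERVER' } else { "MSSQL`$$InstanceName" }
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "SQL Server service '$serviceName' not found on this host." }

# PathName looks like: "C:\...\Binn\sqlservr.exe" -sVIRGILREPORTS  -> keep only the quoted executable.
if ($svc.PathName -match '^"([^"]+)"') {
    $sqlpath = $Matches[1]
} else {
    $sqlpath = ($svc.PathName -split ' ')[0]
}
if (-not (Test-Path -LiteralPath $sqlpath)) { throw "Executable not found: $sqlpath" }

# 2. Create the rule once; re-running the script must not leave duplicate rules behind.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    Write-Host "Rule '$RuleName' already exists; leaving it unchanged."
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Program $sqlpath `
        -Action Allow -Protocol TCP -Enabled True -Profile Domain `
        -RemoteAddress $RemoteAddress | Out-Null
}

# 3. Read back what the rule really allows: program, profile and remote scope.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$app  = $rule | Get-NetFirewallApplicationFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    Program       = $app.Program
    RemoteAddress = ($addr.RemoteAddress -join ',')
}
```

Run it from an elevated PowerShell session on the database host. The -RemoteAddress scope is a tightening beyond the rule in the post: without it the program rule accepts connections from any address on the Domain profile, so limiting it to the subnet the application servers actually live on keeps the engine reachable only from where it needs to be. The final object is what to compare against your hardening baseline.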
