PowerShell Script for SQL Firewall rules


As Netsh Firewall commands are now depreciated , I have written a PowerShell script for use with deploying SQL or accessing remote instances.

 

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned  
#Enabling SQL Server Ports
New-NetFirewallRule -DisplayName “SQL Server” -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow
New-NetFirewallRule -DisplayName “SQL Admin Connection” -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Database Management” -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Service Broker” -Direction Inbound –Protocol TCP –LocalPort 4022 -Action allow
New-NetFirewallRule -DisplayName “SQL Debugger/RPC” -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow
#Enabling SQL Analysis Ports
New-NetFirewallRule -DisplayName “SQL Analysis Services” -Direction Inbound –Protocol TCP –LocalPort 2383 -Action allow
New-NetFirewallRule -DisplayName “SQL Browser” -Direction Inbound –Protocol TCP –LocalPort 2382 -Action allow
#Enabling Misc. Applications
New-NetFirewallRule -DisplayName “HTTP” -Direction Inbound –Protocol TCP –LocalPort 80 -Action allow
New-NetFirewallRule -DisplayName “SSL” -Direction Inbound –Protocol TCP –LocalPort 443 -Action allow
New-NetFirewallRule -DisplayName “SQL Server Browse Button Service” -Direction Inbound –Protocol UDP –LocalPort 1433 -Action allow
#Enable Windows Firewall
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True

8 thoughts on “PowerShell Script for SQL Firewall rules

  1. Great post Ryan, very informative. Unfortunately, I had to disable my domain firewall to connect from SQL Management studio on another domain computer.

    Set-NetFirewallProfile -Profile DOMAIN -Enabled False

    Have you ran into this issue before? I am not using a custom SQL port as far as I know. I am using WIndows Server Core 2012 with SQL Server 2012 SP1 Enterprise.

    Firewalls are a pain to configure via shell vs GUI.

      1. You can change the port from dynamic to static using the SQL server configuration manager. You would need to change the dynamic ports to 1433. (remove the 0’s) and remove the option for listen all under TCP settings.

        Best Regards,

      2. Windows Server Core 2012 does not have SQL config manager GUI 😦 Have to use PowerShell or CMD.

        Sent from Windows Mail

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s