Firewall restrictions

From Guidance Share


- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

If you connect to SQL Server through a firewall, configure the firewall, client, and server. You configure the client by using the SQL Server Client Network Utility and you configure the database server by using the Server Network Utility. By default, SQL Server listens on TCP port 1433, although you can change this. You must open the chosen port at the firewall.

Depending on the SQL Server authentication mode you choose and your application's use of distributed transactions, you may need to open several additional ports at the firewall:

  • If your application uses Windows authentication to connect to SQL Server, the necessary ports to support Kerberos or NTLM authentication must be open.

For networks that do not use Active Directory, TCP port 139 is usually required for Windows authentication. For more information about port requirements, see the articles "TCP and UDP Port Assignments" at http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/tcpip/part4/tcpappc.mspx and "Security Considerations for Administrative Authority" at http://www.microsoft.com/technet/security/bestprac/bpent/sec2/seconaa.mspx.

  • If your application uses distributed transactions, for example automated COM+ transactions, you might also need to configure your firewall to allow DTC traffic to flow between separate DTC instances, and between the DTC and resource managers such as SQL Server.

For full configuration details, see the "Step 7. Ports" section in Chapter 18, "Securing Your Database Server," at http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh18.asp.
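
To confirm from the application server that the firewall passes the ports described above and nothing is silently dropped, a small check like the following can help. It is an added example, not part of the original guidance; the function names and the host name `db.example.internal` are placeholders, and TCP port 135 for DTC is the standard RPC endpoint mapper assignment, which this page does not state.

```python
import socket

DEFAULT_SQL_PORT = 1433    # SQL Server default TCP port (from the text above)
NETBIOS_SESSION = 139      # Windows authentication without Active Directory (from the text above)
RPC_ENDPOINT_MAPPER = 135  # assumption: standard RPC endpoint mapper used by DTC, not stated on this page


def required_ports(sql_port=DEFAULT_SQL_PORT, windows_auth=False,
                   active_directory=True, distributed_tx=False):
    """Return {port: reason} for TCP ports that must be open toward the database server."""
    ports = {sql_port: "SQL Server listener"}
    if windows_auth and not active_directory:
        ports[NETBIOS_SESSION] = "Windows authentication without Active Directory"
    if distributed_tx:
        # DTC also negotiates further RPC ports; see the chapter referenced above.
        ports[RPC_ENDPOINT_MAPPER] = "DTC (RPC endpoint mapper)"
    return ports


def probe(host, port, timeout=2.0):
    """Classify a TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # reached the host, but nothing is listening on the port
    except OSError:
        return "filtered"  # timeout or unreachable: typically dropped at the firewall


def check_path(host, **deployment):
    """Probe every required port and return a list of (port, reason, state)."""
    needed = required_ports(**deployment)
    return [(port, why, probe(host, port)) for port, why in sorted(needed.items())]


if __name__ == "__main__":
    # Placeholder host; run this from the machine that hosts the application.
    for port, why, state in check_path("db.example.internal", windows_auth=True,
                                       active_directory=False, distributed_tx=True):
        print(f"{port:>5}/tcp  {state:<8}  {why}")
```

A result of `filtered` on a required port points at the firewall, while `refused` means the packet reached the server but the service is not listening there, for example because SQL Server was moved off port 1433.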
