Securing MS SQL With Windows Firewall

If you use Windows Firewall on a server running an instance of SQL Server, you must configure the firewall to allow incoming connections to SQL Server. By default, each rule applies to all incoming connections, regardless of source address. You may want to restrict your 'Allow' rules to specific IP addresses by changing the scope of the rules in Windows Firewall.

To configure port access through Windows Firewall

  1. In Control Panel, open Network Connections, right-click the active connection, and then click Properties.
  2. Click the Advanced tab, and then click Windows Firewall Settings.
  3. In the Windows Firewall dialog box, click the Exceptions tab, and then click Add Port.
  4. In the Add a Port dialog box, in the Name text box, type SQL Server.
  5. In the Port number text box, type the port number of the instance of the Database Engine, such as 1433 for the default instance.
  6. Verify that TCP is selected, and then click OK.
  7. To open the port to expose the SQL Server Browser service, click Add Port, type SQL Server Browser in the Name text box, type 1434 in the Port Number text box, select UDP, and then click OK.

To change the scope of rules in Windows Firewall

  1. In Control Panel, open Network Connections, right-click the active connection, and then click Properties.
  2. Click the Advanced tab, and then click Windows Firewall Settings.
  3. In the Windows Firewall dialog box, click the Exceptions tab, select the rule you wish to modify, click Edit, and select Change Scope.
  4. To allow access only from specific IP addresses, enter the allowed IP addresses, and then click OK three times to close the Windows Firewall program.

Note: Make sure you change the scope for both your TCP and UDP rules.
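
The two procedures above can also be scripted. The following is an added example, not part of the original page: it assumes Windows 8 / Windows Server 2012 or later (where the NetSecurity PowerShell module is available), an elevated session, and a constructed list of allowed client addresses. It creates or re-scopes both rules, then reports any inbound allow rule on these ports that is still open to any address.

```powershell
# Added example; run from an elevated PowerShell session (NetSecurity module required).
# Constructed sample scope (documentation address ranges); replace with your real clients.
$AllowedClients = @('192.0.2.10', '198.51.100.0/24')

# The two rules from the procedure above: Database Engine (TCP) and SQL Server Browser (UDP).
$Rules = @(
    @{ Name = 'SQL Server';         Protocol = 'TCP'; Port = 1433 },
    @{ Name = 'SQL Server Browser'; Protocol = 'UDP'; Port = 1434 }
)

foreach ($r in $Rules) {
    $existing = Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
    if ($existing) {
        # Rule already exists: tighten its scope instead of creating a duplicate.
        $existing | Set-NetFirewallRule -RemoteAddress $AllowedClients
    } else {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol $r.Protocol -LocalPort $r.Port -RemoteAddress $AllowedClients | Out-Null
    }
}

# Verify: find enabled inbound allow rules that name these exact ports and still accept any source.
# (Rules defined with port ranges or 'Any' port are not matched by this simple check.)
$open = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $match = $Rules | Where-Object {
        $_.Protocol -eq $port.Protocol -and $port.LocalPort -contains "$($_.Port)"
    }
    if ($match -and $addr.RemoteAddress -contains 'Any') {
        [pscustomobject]@{
            Rule     = $rule.DisplayName
            Protocol = $port.Protocol
            Port     = ($port.LocalPort -join ',')
            Scope    = 'Any'
        }
    }
}
if ($open) { $open | Format-Table -AutoSize } else { 'No unscoped SQL Server rules found.' }
```

The verification step matters because an older, unscoped rule on the same port keeps the port reachable from any address even after the new scoped rule is added.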