SQL Server firewall port for Domain and LocalSubnet

I’m a big believer in Defense in Depth when it comes to Information Technology Security.

As such, I always leave the default Windows Firewall activated in my configs.

Every so often I install a SQL Server and need to open the port. The point is not to open 1433/TCP to everyone, but to add just the right rule so that Domain computers and LocalSubnet machines can talk to the SQL Server. The following command will do it.

netsh advfirewall firewall add rule name="Microsoft SQL Server" dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=domain

If you use SQL Server 2012 AlwaysOn Availability Groups, you might also want to add:

netsh advfirewall firewall add rule name="Microsoft SQL Server Listener Port" dir=in protocol=tcp action=allow localport=5022 remoteip=localsubnet profile=domain
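
To confirm that nothing else on the box opens these ports more widely than the two rules above, the following PowerShell audit can be run afterwards. It is an added example, not part of the original post; it assumes the NetSecurity cmdlets (Windows Server 2012 / Windows 8 or later), and Test-PortMatch is a hypothetical helper name.

```powershell
# Added example: list enabled inbound allow rules that cover the SQL Server
# ports from this post and flag any that are broader than Domain + LocalSubnet.
$ports = 1433, 5022

# Hypothetical helper: does a rule's LocalPort list (single ports, ranges
# such as "1433-1434", or "Any") cover the given port?
function Test-PortMatch {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -eq "$Port") { return $true }
    }
    return $false
}

Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
ForEach-Object {
    $rule = $_
    $pf = $rule | Get-NetFirewallPortFilter
    # Only TCP (or protocol-agnostic) rules can expose these ports
    if ($pf.Protocol -notin 'TCP', 'Any') { return }
    $hit = $ports | Where-Object { Test-PortMatch -LocalPort $pf.LocalPort -Port $_ }
    if (-not $hit) { return }
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Ports         = $hit -join ','
        Profile       = $rule.Profile
        RemoteAddress = $af.RemoteAddress -join ','
        # Broader than intended: any remote address, or a profile other than Domain only
        TooBroad      = ($af.RemoteAddress -contains 'Any') -or ("$($rule.Profile)" -ne 'Domain')
    }
} | Format-Table -AutoSize
```

The two rules created above should show Profile Domain, RemoteAddress LocalSubnet and TooBroad False; any other row with TooBroad True is a rule worth reviewing or disabling.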

 

The second small note for myself is SQLServerManager11.msc, which calls up the SQL Configuration Manager of a SQL Server 2012 when the icon is missing from the Desktop or Start Menu.

I’ve written this small entry more for myself, so I can find it again quickly.