|
Firewall systems
prevent unauthorized access to computer resources. To access an
instance of the Microsoft SQL Server Database Engine through a
firewall, you must configure the firewall on the computer running
SQL Server to allow access.
For
general information about how SQL Server works with firewall
systems, see Connecting to SQL Server over the Internet. There are
many firewall systems available. For information specific to your
system, see the firewall documentation.
The
principal steps to allow access are:
| 2.
|
Configure the
firewall to allow access to that port for authorized users or
computers.
|
|
Note:
|
|
The SQL Server
Browser service lets users connect to instances of the Database
Engine that are not listening on port 1433, without knowing the
port number. To use SQL Server Browser, you must open UDP port
1434. To promote the most secure environment, leave the SQL Server
Browser service stopped, and configure clients to connect using the
port number.
|
|
Note:
|
|
By default,
Microsoft Windows XP Service Pack 2 enables the Windows Firewall,
which closes port 1433 to prevent Internet computers from
connecting to a default instance of SQL Server on your computer.
Connections to the default instance using TCP/IP are not possible
unless you reopen port 1433. The basic steps to configure the
Windows XP firewall are provided in the following procedures. For
more information, see the Windows documentation.
|
Procedures
To open a port
in the Windows firewall for TCP access
| 1.
|
In Control
Panel, open
Network Connections, right-click
the active connection, and then click
Properties. |
| 2.
|
Click the
Advanced tab, and then
click
Windows Firewall Settings. |
| 3.
|
In the
Windows Firewall dialog box,
click the
Exceptions tab, and then
click
Add Port. |
| 4.
|
In the
Add a Port dialog box, in
the
Name text box,
type
SQL Server
<instance
name>. |
| 5.
|
In the
Port number text box, type
the port number of the instance of the Database Engine, such
as
1433 for the default
instance. |
| 6.
|
Verify
that
TCP is selected, and
then click
OK. |
| 7.
|
To open the port
to expose the SQL Server Browser service, click
Add Port, type
SQL Server Browser in the
Name text box,
type
1434 in the
Port Number text box,
select
UDP, and then
click
OK. |
|
Note:
|
|
To allow named
pipes access through the firewall, you must also enable
File and Printer Sharing through the
firewall.
|
| 8.
|
Close the
Windows Firewall and the
Properties dialog
boxes. |
|
Note:
|
|
Click
Add Program in the
Windows Firewall dialog box for
additional options, such as granting access to specific programs
and restricting access to certain IP addresses or network subnets.
For more information, see the Windows documentation.
|
As
an alternative to configuring SQL Server to listen on a fixed port
and opening the port, you can list the SQL Server executable
(Sqlservr.exe) as an exception to the blocked programs. Use this
method when you want to continue to use dynamic ports. Only one
instance of SQL Server can be accessed in this way.
To access a
program through the Windows firewall
| 1.
|
In the
Windows Firewall dialog box, on
the
Exceptions tab,
click
Add Program. |
| 2.
|
Click
Browse, and navigate
to the instance of SQL Server that you wish to access through the
firewall, and then click
Open. By default SQL
Server is at
C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\Sqlservr.exe. |
| 3.
|
Click
OK twice to close
the Windows firewall program. |
For
a brief tutorial about how to configure a static port, open the
firewall, and connect to the Database Engine by using SQL Server
Management Studio, see Getting Started with the Database Engine.
See
Also
Concepts
SQL Server Browser Service
Connecting to SQL Server Through a Proxy
Server
Help and Information
Getting SQL Server 2005 Assistance
|