Configuring the Windows Firewall_v3.8.5

Windows Firewall helps prevent unauthorized access to computers in a network. The Windows operating system has built-in firewall settings that allow users to control which applications can connect to the internet. By default, Windows automatically enables connections for known applications. Users can also manually configure the firewall to add inbound or outbound rules for specific applications.

Some networks use the software firewall provided by Microsoft Windows, others use a software firewall provided by a different vendor (as shown in the following image), and high-security networks include hardware firewalls.

To turn Microsoft Defender Firewall on or off, refer to https://support.microsoft.com/en-us/windows/turn-microsoft-defender-firewall-on-or-off-ec0844f7-aebd-0583-67fe-601ecf5d774f#ID0EFD=Windows_10 .

Opening ports in your firewall can leave your server exposed to malicious attacks. Make sure that you understand firewall systems before you open ports.

Windows Firewall manages all inbound and outbound connections. Inbound connections to applications are blocked unless they are on the allowed list. Outbound connections are not blocked if they do not match a rule.

The following procedure guides you through the steps to configure the Windows Firewall in Windows Server to allow users to access SQL Server.

  1. Click Start ► All Programs ► Administrative Tools ► Server Manager. The Server Manager appears.

  2. In Server Manager, expand the Configurations tab and Windows Firewall with Advanced Security.

  3. Right-click Inbound Rules and click New Rule. The New Inbound Rule Wizard appears.

  4. On the New Inbound Rule Wizard's Rule Type page, select the Port option to control connections for a TCP or UDP Port. Click Next to continue with the wizard. The Protocol and Ports page appears.

     

  5. On the Protocol and Ports page, specify the protocols and ports to which this rule applies. Because SQL Server, when installed as a default instance, uses port 1433 as the default port, choose the TCP option and then specify a specific port number.

  6. Click Next to continue with the wizard.

  7. On the Action page, specify the action to be taken when a connection matches the conditions specified in this rule. In this case, choose to Allow the connection and click Next.

  8. The Profile page appears. On the Profile page, select Domain, and click Next. The Name page appears.

  9. Provide a meaningful name and description. For example:
    Name: SQL Server 2019 default Port 1433
    Description (Optional): Enable SQL Server 2019 Default Port (1433) for user connectivity.

  10. Click Finish to complete the wizard.
    After the wizard configuration is complete, you will be able to see the new rule available under Inbound Rules.

  11. Repeat Steps 3 through 10 to set the UDP Port to 1434.

  12. Repeat Steps 3 through 10 to set the TCP Port to 2025, to enable connection from remote workstations.
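The same three inbound rules can be created from an elevated PowerShell session with the NetSecurity cmdlets. This is an added example, not part of the original procedure; the rule names for ports 1434 and 2025 are assumed, since the page only names the 1433 rule. The second half lists every enabled inbound Allow rule on those ports so the result can be checked.

```powershell
# Added example: inbound rules from steps 3-12. Run in an elevated session.
# Rule names for 1434 and 2025 are assumed; the page only names the 1433 rule.
$rules = @(
    @{ Name = 'SQL Server 2019 default Port 1433'; Protocol = 'TCP'; Port = 1433
       Description = 'Enable SQL Server 2019 Default Port (1433) for user connectivity.' },
    @{ Name = 'SQL Server 2019 UDP Port 1434'; Protocol = 'UDP'; Port = 1434
       Description = 'Step 11: UDP port 1434.' },
    @{ Name = 'Velocity TCP Port 2025'; Protocol = 'TCP'; Port = 2025
       Description = 'Step 12: connections from remote workstations.' }
)

foreach ($r in $rules) {
    # Idempotent: skip a rule that already exists under the same display name.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Exists, skipping: $($r.Name)"
        continue
    }
    # Same choices as the wizard: Port rule, Allow, Domain profile only.
    New-NetFirewallRule -DisplayName $r.Name -Description $r.Description `
        -Direction Inbound -Protocol $r.Protocol -LocalPort $r.Port `
        -Action Allow -Profile Domain | Out-Null
}

# Review every enabled inbound Allow rule that names one of these ports exactly
# (port ranges and 'Any' are not expanded), with its profile and remote scope,
# so a broader pre-existing rule on the same port does not go unnoticed.
$wanted = $rules | ForEach-Object { "$($_.Protocol)/$($_.Port)" }
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $rule = $_
    $pf = $rule | Get-NetFirewallPortFilter
    $af = $rule | Get-NetFirewallAddressFilter
    foreach ($p in @($pf.LocalPort)) {
        if ($wanted -contains "$($pf.Protocol)/$p") {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Port          = "$($pf.Protocol)/$p"
                Profile       = $rule.Profile
                RemoteAddress = $af.RemoteAddress -join ','
            }
        }
    }
} | Format-Table -AutoSize
```

A RemoteAddress of Any in the output means every host reachable under the listed profile can connect to that port; pass -RemoteAddress to New-NetFirewallRule to limit a rule to known workstations or subnets.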

Registered Ports are those from 1024 through 49151, and Dynamic and Private Ports are those from 49152 through 65535. The registered port number range should not be used for named SQL Server instances because a future conflict is possible. Consult your IT department for assistance regarding the port assignment.

Similar to the inbound rule in Windows Firewall that blocks any port from accessing your system, you can create an outbound rule. You can block all incoming connections to your computer, even for allowed apps, which is useful in certain situations. For example, if you plan to prevent anyone from browsing the internet, you could create a new outbound connection rule in Windows 10 firewall that blocks port 80.

The following table lists the ports, whether each uses TCP or UDP, and the corresponding services used in Velocity.

| Port | TCP | UDP | Service | Description |
|------|-----|-----|---------|-------------|
| 2025 | X |  | Velocity Client | Velocity Client uses this port |
| 2025 | X |  | Velocity SD | Velocity SD uses this port |
| 2025 | X |  | DIGITRAC | Velocity DIGITRAC uses this port |
| 2025 | X |  | Extension Service | Velocity Extension Service uses this port |
| 2025 | X |  | Web Service (Velocity4.Service.Host.exe) | Velocity Web Service uses this port |
| 2025 | X |  | IDS Integration service | Velocity IDS Integration uses this port |
| 2025 | X |  | Video Service | Velocity Video Service uses this port |
| 2025 | X |  | Velocity SDK | Velocity SDK uses this port |
| 4056 | X |  | Velocity Cert Check Service Enrollment Listener | VCCS Enrollment Listener uses this port |
| 4997 | X |  | Velocity SQL Writer Client | Velocity SQL Writer Client uses this port |
| 4998 | X |  | Velocity SQL Writer Server | Velocity SQL Writer Server uses this port |
| 4070 | X |  | Edge service | Velocity Edge service uses this port |
| 8000 | X |  | Velocity Video Service | Velocity Video service uses this port |
| 9096 |  | X | Velocity Video Real.exe | Velocity Video Real application uses this port |
| 11000 |  | X | Velocity IDS Service | Velocity IDS service uses this port |
| 80 | X |  | HTTP | HTTP service uses this port |
| 161, 465 |  | X | SNMP | SNMP service uses this port |
| 162 |  | X | SNMP Trap | SNMP Trap messages use this port |
| 1433, 1434 | X |  | MS SQL | MS SQL uses this port |
| 53 | X | X | DNS | DNS uses this port |
| 9910 |  | X | MS Discovery Protocol | MS Discovery Protocol uses this port |
| 123 |  | X | NTP Time Service | NTP time service uses this port |
| 443 | X |  | SSL/SCVP Certificates Status Requests | SSL/SCVP Certificates uses this port |
| 389 | X | X | LDAP / Issuer Certificate and CRL downloads | LDAP / Issuer Certificate and CRL downloads use this port |
| 135 | X |  | Remote Procedure Call (RPC) | RPC uses this port |
| 10001 | X | X | DIGITRAC Hardware | DIGITRAC uses this port |
| 445 | X |  | SMB | SMB uses this port |
| 133-139 | X |  | NetBIOS | NetBIOS uses this port |
| 25 | X |  | SMTP | SMTP uses this port |
| 19001-19003 |  | X | SNIB Configuration | SNIB Config Tool uses this port for discovery process |