Configuring the Windows Firewall_v3.8.5
Windows Firewall helps prevent unauthorized access to computers in a network. The Windows operating system has built-in Firewall settings that allow users to control which applications can connect to the internet. By default, Windows will automatically enable connections for known applications. The users can also manually configure the firewall to add inbound or outbound rules to specific applications.
Some networks use the software firewall provided by Microsoft Windows, others use a software firewall provided by a different vendor (as shown in the following image), and high-security networks include hardware firewalls.
To turn Microsoft Defender Firewall on or off, refer https://support.microsoft.com/en-us/windows/turn-microsoft-defender-firewall-on-or-off-ec0844f7-aebd-0583-67fe-601ecf5d774f#ID0EFD=Windows_10 .
Opening ports in your firewall can leave your server exposed to malicious attacks. Make sure that you understand firewall systems before you open ports.
A Windows firewall manages all inbound connections and outbound connections. The inbound connections to applications are blocked unless they are on the allowed list. The outbound connections are not blocked if they do not match a rule.
The following procedure will help you through the steps to configure the Windows Firewall in Windows Server to allow users access to SQL Server.
Click Start â–º All Programs â–º Administrative Tools â–º Server Manager. The Server Manager appears.
In Server Manager, expand the Configurations tab and Windows Firewall with Advanced Security.
Right-click Inbound Rules and click New Rule. The New Inbound Rule Wizard appears.
On the New Inbound Rule Wizard's Rule Type page, select the Port option to control connections for a TCP or UDP Port. Click Next to continue with the wizard. The Protocol and Ports page appears.
Â
On the Protocol and Ports page, specify the protocols and ports to which this rule applies. Because SQL Server, when installed as a default instance, uses port 1433 as the default port, choose the TCP option and then specify a specific port number.
Click Next to continue with the wizard.
On the Action page, specify the action to be taken when a connection matches the conditions specified in this rule. In this case, choose to Allow the connection and click Next.
The Profile page appears. On the Profile page, select Domain, and click Next. The Name page appears.
Provide a meaningful name and description. For example:
Name: SQL Server 2019 default Port 1433
Description (Optional): Enable SQL Server 2019 Default Port (1433) for user connectivity.Click Finish to complete the wizard.
After the wizard configuration is complete, you will be able to see the new rule available under Inbound Rules.Repeat Steps 3 through 10 to set the UDP Port to 1434.
Repeat Steps 3 through 10 to set the TCP Port to 2025, to enable connection from remote workstations.
Registered Ports are those from 1024 through 49151, and Dynamic and Private Ports are those from 49152 through 65535. The registered port number range should not be used for named SQL Server instances because a future conflict is possible. Consult your IT department for assistance regarding the port assignment.
Similar to the inbound rule in Windows firewall that blocks any port from accessing your system, you can create an outbound rule. You can block all incoming connections to your computer, even for allowed apps, which is useful in certain situations. For example, if you plan anyone from browsing the internet, you could create a new outbound connection rule in Windows 10 firewall that blocks port 80.
Here is a table that lists the Ports, TCP, UDP and their corresponding service used in Velocity.
Port | TCP | UDP | Service | Description |
---|---|---|---|---|
2025 | X | Â | Velocity Client | Velocity Client uses this port |
X | Â | Velocity SD | Velocity SD uses this port | |
X | Â | DIGITRAC | Velocity DIGITRAC uses this port | |
X | Â | Extension Service | Velocity Extension Service uses this port | |
X | Â | Web Service (Velocity4.Service.Host.exe) | Velocity Web Service uses this port | |
X | Â | IDS Integration service | Velocity IDS Integration uses this port | |
X | Â | Video Service | Velocity Video Service using this port | |
X | Â | Velocity SDK | Velocity SDK using this port | |
4056 | X | Â | Velocity Cert Check Service Enrollment Listener | VCCS Enrollment Listener using this port |
4997 | X | Â | Velocity SQL Writer Client | Velocity SQL Writer Client using this port |
4998 | X | Â | Velocity SQL Writer Server | Velocity SQL Writer Server using this port |
4070 | X | Â | Edge service | Velocity Edge service uses this port |
8000 | X | Â | Velocity Video Service | Velocity Video service uses this port |
9096 | Â | X | Velocity Video Real.exe | Velocity Video Real application uses this port |
11000 | Â | X | Velocity IDS Service | Velocity IDS service uses this port |
80 | X | Â | HTTP | HTTP service uses this port |
161, 465 | Â | X | SNMP | SNMP service uses this port |
162 | Â | X | SNMP Trap | SNMP Trap messages uses this port |
1433, 1434 | X | Â | MS SQL | MS SQL uses this port |
53 | X | X | DNS | DNS uses this port |
9910 | Â | X | MS Discovery Protocol | MS Discovery Protocol uses this port |
123 | Â | X | NTP Time Service | NTP time service uses this port |
443 | X | Â | SSL/SCVP Certificates Status Requests | SSL/SCVP Certificates uses this port |
389 | X | X | LDAP / Issuer Certificate and CRL downloads | LDAP / Issuer Certificate and CRL downloads use this port |
135 | X | Â | Remote Procedure Call (RPC) | RPC uses this port |
10001 | X | X | DIGITRAC Hardware | DIGITRAC uses this port |
445 | X | Â | SMB | SMB uses this port |
133- 139 | X | Â | NetBIOS | NetBIOS uses this port |
25 | X | Â | SMTP | SMTP uses this port |
19001-19003 | Â | X | SNIB Configuration | SNIB Config Tool uses this port for discovery process |