We will perform this activity on the Domain Controller.
Click on Server Manager, click on Tools, open Group policy management console.
Right Click on the domain and Create a GPO.
Provide a name to the GPO and click OK.
Expand > Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with advanced security > Right click on "Inbound rules" and click on New Rule...
Select "Predefined:" and find "File and Printer Sharing". Next.
Next.
Select "Allow the connection". Finish.
This time select "Outbound Rule" and click on "New Rule". Choose "Predefined;" and find "File and Printer Sharing". Next.
Next.
Select "Allow the connection". Finish.
Now we create an "Inbound Rule" to allow WMI service on our Firewall.
This time select "Outbound Rule" and click on "New Rule". Choose "Predefined;" and find "Windows Management Instrumentation (WMI)". Next.
Next.
Select "Allow the connection". Finish.
Opening Ports for SQL Replication
Why should the ports 1433 and 4022 opened on Firewall ??
Port 1433 – SQL Server listens for incoming connections on a particular port. The default port for SQL Server is 1433. It applies to routine connections to the default installation of the Database Engine, or a named instance that is the only instance running on the computer.
Port 4022 – This is SQL Service Broker, though there is no default port for SQL Server Service Broker, but this is the port that we allow inbound on our firewall.
Select "Port". Next
Type in "Specific local ports": 1433. Next
Select "Allow the connection". Next.
Next.
Give the rule a name "TCP Inbound 1433". Finish
Similarly create an Inbound Rule to allow port 4022. choose TCP and specify the port number as 4022. Click on Next.
Give the rule a name "TCP Inbound 4022". Finish
Review your rules here.
Do a gpupdate to check the new gpo.
Done.
Manual Firewall Configuration with batch Script.
- Make sure the firewall service is ON
Run this script in an elevated command prompt order to open the necessary ports needed for SCCM.
** If you are using custom ports, change the values before running the script. **
** If you are using custom ports, change the values before running the script. **
@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh advfirewall firewall add rule name="SQL Server" dir=in action=allow protocol=TCP localport=1433
@echo Enabling Dedicated Admin Connection port 1434
netsh advfirewall firewall add rule name="SQL Admin Connection" dir=in action=allow protocol=TCP localport=1434
@echo Enabling conventional SQL Server Service Broker port 4022
netsh advfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022
@echo Enabling Transact-SQL Debugger/RPC port 135
netsh advfirewall firewall add rule name="SQL Debugger/RPC" dir=in action=allow protocol=TCP localport=135
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh advfirewall firewall add rule name="Analysis Services" dir=in action=allow protocol=TCP localport=2383
@echo Enabling SQL Server Browser Service port 2382
netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=TCP localport=2382
@echo ========= Misc Applications ==============
@echo Enabling HTTP port 80
netsh advfirewall firewall add rule name="HTTP" dir=in action=allow protocol=TCP localport=80
@echo Enabling SSL port 443
netsh advfirewall firewall add rule name="SSL" dir=in action=allow protocol=TCP localport=443
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=TCP localport=1434
@echo Allowing Ping command
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
No comments:
Post a Comment