Configuring Windows Firewall

Windows Firewall helps prevent unauthorized access to computers in a network. The Windows operating system has built-in firewall settings that allow users to control which applications can connect to the internet. By default, Windows automatically enables connections for known applications. Users can also manually configure the firewall by adding inbound or outbound rules for specific applications.

Some networks use the software firewall provided by Microsoft Windows, others use a software firewall provided by a different vendor (as shown in the following image), and high-security networks include hardware firewalls.

To turn Microsoft Defender Firewall on or off, refer to "Turn Microsoft Defender Firewall on or off" on Microsoft Support.

Opening ports in the firewall can leave the server exposed to malicious attacks. Make sure that you understand firewall systems before opening ports.

Windows Firewall manages all inbound and outbound connections. Inbound connections to applications are blocked unless they are on the allowed list. Outbound connections are not blocked if they do not match a rule.

The following procedure walks you through configuring Windows Firewall in Windows Server to allow user access to SQL Server.

  1. Click Start > All Programs > Administrative Tools > Server Manager. The Server Manager appears.

  2. In Server Manager, expand the Configurations tab and then expand Windows Firewall with Advanced Security.

  3. Right-click Inbound Rules and click New Rule. The New Inbound Rule Wizard appears.

  4. On the New Inbound Rule Wizard's Rule Type page, select the Port option to control connections for a TCP or UDP Port. Click Next to continue with the wizard. The Protocol and Ports page appears.

     

  5. On the Protocol and Ports page, specify the protocols and ports to which this rule applies. Because SQL Server, when installed as a default instance, uses port 1433 as its default port, choose the TCP option and then specify the port number.

  6. Click Next to continue with the wizard.

  7. On the Action page, specify the action to be taken when a connection matches the conditions specified in this rule. In this case, choose to Allow the connection and click Next.

  8. The Profile page appears. On the Profile page, select Domain, and click Next. The Name page appears.

  9. Provide a meaningful name and description. For example:
    Name: SQL Server 2019 default Port 1433
    Description (Optional): Enable SQL Server 2019 Default Port (1433) for user connectivity.

  10. Click Finish to complete the wizard.
    After the wizard configuration is complete, the new rule is listed under Inbound Rules.

  11. Repeat Steps 3 through 10 to set the UDP Port to 1434.

  12. Repeat Steps 3 through 10 to set the TCP Port to 2025, to enable connections from remote workstations.
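The rules created in steps 3 through 12 can also be scripted with the built-in NetSecurity cmdlets, which makes the change repeatable and lets you read back what is actually in effect. This is an added example, not part of the original procedure or vendor-supplied code; apart from the name and description given in step 9, the rule names and descriptions are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: the inbound rules from steps 3-12, created idempotently.
# Only the first name/description comes from step 9; the others are assumed.
$rules = @(
    @{ Name = 'SQL Server 2019 default Port 1433'; Protocol = 'TCP'; Port = 1433
       Description = 'Enable SQL Server 2019 Default Port (1433) for user connectivity.' }
    @{ Name = 'SQL Server UDP Port 1434'; Protocol = 'UDP'; Port = 1434
       Description = 'Enable UDP port 1434 for SQL Server.' }
    @{ Name = 'Velocity TCP Port 2025'; Protocol = 'TCP'; Port = 2025
       Description = 'Enable TCP port 2025 for connections from remote workstations.' }
)

foreach ($r in $rules) {
    # Skip rules that already exist so re-running does not create duplicates.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Already present: $($r.Name)"
        continue
    }
    $params = @{
        DisplayName = $r.Name
        Description = $r.Description
        Direction   = 'Inbound'      # step 3: Inbound Rules > New Rule
        Protocol    = $r.Protocol    # steps 4-5: Port rule, TCP or UDP
        LocalPort   = $r.Port
        Action      = 'Allow'        # step 7: Allow the connection
        Profile     = 'Domain'       # step 8: Domain profile only
    }
    New-NetFirewallRule @params | Out-Null
}

# Read the rules back and confirm what is actually in effect.
$rules | ForEach-Object {
    $rule   = Get-NetFirewallRule -DisplayName $_.Name
    $filter = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name      = $rule.DisplayName
        Enabled   = $rule.Enabled
        Profile   = $rule.Profile
        Action    = $rule.Action
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort
    }
} | Format-Table -AutoSize
```

Because the rules are limited to the Domain profile, they do not apply while the server's network connection is classified as Private or Public.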

Registered ports are those from 1024 through 49151, and Dynamic and Private Ports are those from 49152 through 65535. The registered port number range should not be used for named SQL Server instances because a future conflict is possible. Consult your IT department for assistance regarding port assignment.

Similar to an inbound rule in Windows Firewall that blocks a port from accessing your system, you can create an outbound rule. You can also block all incoming connections to your computer, even for allowed apps, which is useful in certain situations. For example, if you plan to prevent anyone from browsing the internet, you could create a new outbound connection rule in the Windows 10 firewall that blocks port 80.

The following table lists the ports, their protocol (TCP or UDP), and the corresponding services used in Velocity.

| Port | TCP | UDP | Service | Description |
|---|---|---|---|---|
| 2025 | X |  | Velocity Client | Velocity Client uses this port |
| 2025 | X |  | Velocity Security Domain | Velocity Security Domain Service uses this port |
| 2025 | X |  | Velocity DIGI*TRAC Network | Velocity DIGI*TRAC Network Service uses this port |
| 2025 | X |  | Velocity Server Extension | Velocity Server Extension Service uses this port |
| 2025 | X |  | Velocity Web Service (Velocity4.Service.Host.exe) | Velocity Web Service uses this port |
| 2025 | X |  | Velocity IDS | Velocity IDS Service uses this port |
| 2025 | X |  | Velocity Video | Velocity Video Service uses this port |
| 2025 | X |  | Velocity SDK | Velocity SDK uses this port |
| 4056 | X |  | Velocity Cert Check | Velocity Cert Check Service (VCCS) uses this port |
| 4997 | X |  | Velocity SQL Writer Client | Velocity SQL Writer Client uses this port |
| 4998 | X |  | Velocity SQL Writer | Velocity SQL Writer Service uses this port |
| 4070 | X |  | Velocity Edge EVO | Velocity Edge EVO Service uses this port |
| 8000 | X |  | Velocity Video | Velocity Video Service uses this port |
| 9096 |  | X | Velocity Video Real.exe | Velocity Video Real application uses this port |
| 11000 |  | X | Velocity IDS | Velocity IDS Service uses this port |
| 80 | X |  | HTTP | HTTP Service uses this port |
| 161, 465 |  | X | SNMP | SNMP Service uses this port |
| 162 |  | X | SNMP Trap | SNMP Trap messages use this port |
| 1433, 1434 | X |  | MS SQL | MS SQL uses this port |
| 53 | X | X | DNS | DNS uses this port |
| 9910 |  | X | MS Discovery Protocol | MS Discovery Protocol uses this port |
| 123 |  | X | NTP Time Service | NTP Time Service uses this port |
| 443 | X |  | SSL/SCVP Certificates Status Requests | SSL/SCVP Certificates uses this port |
| 389 | X | X | LDAP / Issuer Certificate and CRL downloads | LDAP / Issuer Certificate and CRL downloads use this port |
| 135 | X |  | Remote Procedure Call (RPC) | RPC uses this port |
| 10001 | X | X | DIGI*TRAC Hardware | DIGI*TRAC uses this port |
| 445 | X |  | SMB | SMB uses this port |
| 133-139 | X |  | NetBIOS | NetBIOS uses this port |
| 25 | X |  | SMTP | SMTP uses this port |
| 19001-19003 |  | X | SNIB Configuration | SNIB Config Tool uses this port for discovery process |