-
Notifications
You must be signed in to change notification settings - Fork 225
SqlWindowsFirewall
dscbot edited this page Jan 20, 2024
·
9 revisions
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
Ensure | Write | String | Ensures that SQL Server services firewall rules are 'Present' or 'Absent' on the machine. |
Present , Absent
|
SourcePath | Write | String | UNC path to the root of the source files for installation. | |
Features | Key | String | SQL Server features to enable firewall rules for. | |
InstanceName | Key | String | SQL Server instance to enable firewall rules for. | |
DatabaseEngineFirewall | Read | Boolean | Returns wether the firewall rule(s) for the SQL Server Database Engine is enabled. | |
BrowserFirewall | Read | Boolean | Returns wether the firewall rule(s) for the SQL Server Browser is enabled. | |
ReportingServicesFirewall | Read | Boolean | Returns wether the firewall rule(s) for SQL Server Reporting Services is enabled. | |
AnalysisServicesFirewall | Read | Boolean | Returns wether the firewall rule(s) for SQL Server Analysis Services is enabled. | |
IntegrationServicesFirewall | Read | Boolean | Returns wether the firewall rule(s) for the SQL Server Integration Services is enabled. | |
SourceCredential | Write | PSCredential | Credentials used to access the path set in the parameter SourcePath. This parameter is optional either if built-in parameter PsDscRunAsCredential is used, or if the source path can be access using the SYSTEM account. |
The SqlWindowsFirewall
DSC resource will set default firewall rules for
the Database Engine, Analysis Services, SQL Browser, SQL Reporting Services,
and Integration Services features.
- Target machine must be running Windows Server 2012 or later.
Firewall Rule | Firewall Display Name |
---|---|
Application: sqlservr.exe | SQL Server Database Engine instance MSSQLSERVER |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Application: sqlservr.exe | SQL Server Database Engine instance <INSTANCE> |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Service: MSSQLServerOLAPService | SQL Server Analysis Services instance MSSQLSERVER |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Service: MSOLAP$<INSTANCE> | SQL Server Analysis Services instance <INSTANCE> |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Port: tcp/80 | SQL Server Reporting Services 80 |
Port: tcp/443 | SQL Server Reporting Services 443 |
Firewall Rule | Firewall Display Name |
---|---|
Application: MsDtsSrvr.exe | SQL Server Integration Services Application |
Port: tcp/135 | SQL Server Integration Services Port |
All issues are not listed here, see here for all open issues.
This example shows how to create the default rules for the supported features.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlWindowsFirewall 'Create_FirewallRules_For_SQL2012'
{
Ensure = 'Present'
Features = 'SQLENGINE,AS,RS,IS'
InstanceName = 'SQL2012'
SourcePath = '\\files.company.local\images\SQL2012'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlWindowsFirewall 'Create_FirewallRules_For_SQL2016'
{
Ensure = 'Present'
Features = 'SQLENGINE'
InstanceName = 'SQL2016'
SourcePath = '\\files.company.local\images\SQL2016'
SourceCredential = $SqlAdministratorCredential
}
}
}
This example shows how to remove the default rules for the supported features.
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential
)
Import-DscResource -ModuleName 'SqlServerDsc'
node localhost
{
SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2012'
{
Ensure = 'Absent'
Features = 'SQLENGINE,AS,RS,IS'
InstanceName = 'SQL2012'
SourcePath = '\\files.company.local\images\SQL2012'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2016'
{
Ensure = 'Absent'
Features = 'SQLENGINE'
InstanceName = 'SQL2016'
SourcePath = '\\files.company.local\images\SQL2016'
SourceCredential = $SqlAdministratorCredential
}
}
}
- Add-SqlDscNode
- Add-SqlDscTraceFlag
- Complete-SqlDscFailoverCluster
- Complete-SqlDscImage
- Connect-SqlDscDatabaseEngine
- ConvertFrom-SqlDscDatabasePermission
- ConvertFrom-SqlDscServerPermission
- ConvertTo-SqlDscDatabasePermission
- ConvertTo-SqlDscServerPermission
- Disable-SqlDscAudit
- Disconnect-SqlDscDatabaseEngine
- Enable-SqlDscAudit
- Get-SqlDscAudit
- Get-SqlDscConfigurationOption
- Get-SqlDscDatabasePermission
- Get-SqlDscManagedComputer
- Get-SqlDscManagedComputerService
- Get-SqlDscPreferredModule
- Get-SqlDscServerPermission
- Get-SqlDscStartupParameter
- Get-SqlDscTraceFlag
- Import-SqlDscPreferredModule
- Initialize-SqlDscRebuildDatabase
- Install-SqlDscServer
- Invoke-SqlDscQuery
- New-SqlDscAudit
- Remove-SqlDscAudit
- Remove-SqlDscNode
- Remove-SqlDscTraceFlag
- Repair-SqlDscServer
- Save-SqlDscSqlServerMediaFile
- Set-SqlDscAudit
- Set-SqlDscDatabasePermission
- Set-SqlDscServerPermission
- Set-SqlDscStartupParameter
- Set-SqlDscTraceFlag
- Test-SqlDscIsDatabasePrincipal
- Test-SqlDscIsLogin
- Test-SqlDscIsSupportedFeature
- Uninstall-SqlDscServer
- SqlAG
- SqlAGDatabase
- SqlAgentAlert
- SqlAgentFailsafe
- SqlAgentOperator
- SqlAGListener
- SqlAGReplica
- SqlAlias
- SqlAlwaysOnService
- SqlAudit
- SqlConfiguration
- SqlDatabase
- SqlDatabaseDefaultLocation
- SqlDatabaseMail
- SqlDatabaseObjectPermission
- SqlDatabasePermission
- SqlDatabaseRole
- SqlDatabaseUser
- SqlEndpoint
- SqlEndpointPermission
- SqlLogin
- SqlMaxDop
- SqlMemory
- SqlPermission
- SqlProtocol
- SqlProtocolTcpIp
- SqlReplication
- SqlRole
- SqlRS
- SqlRSSetup
- SqlScript
- SqlScriptQuery
- SqlSecureConnection
- SqlServiceAccount
- SqlSetup
- SqlTraceFlag
- SqlWaitForAG
- SqlWindowsFirewall