forked from dsccommunity/SqlServerDsc
SqlWindowsFirewall
johlju edited this page Jun 19, 2020 · 2 revisions
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
Ensure | Write | String | An enumerated value that describes if the SQL firewall rules are expected to be enabled on the machine. The default is Present. | Present, Absent |
SourcePath | Write | String | UNC path to the root of the source files for installation. | |
Features | Key | String | SQL features to enable firewall rules for. | |
InstanceName | Key | String | SQL instance to enable firewall rules for. | |
DatabaseEngineFirewall | Read | Boolean | Is the firewall rule for the Database Engine enabled? | |
BrowserFirewall | Read | Boolean | Is the firewall rule for the Browser enabled? | |
ReportingServicesFirewall | Read | Boolean | Is the firewall rule for Reporting Services enabled? | |
AnalysisServicesFirewall | Read | Boolean | Is the firewall rule for Analysis Services enabled? | |
IntegrationServicesFirewall | Read | Boolean | Is the firewall rule for the Integration Services enabled? | |
SourceCredential | Write | PSCredential | Credentials used to access the path set in the parameter 'SourcePath'. | |

The SqlWindowsFirewall DSC resource will set default firewall rules for the Database Engine, Analysis Services, SQL Browser, SQL Reporting Services, and Integration Services features.
- Target machine must be running Windows Server 2012 or later.
Firewall Rule | Firewall Display Name |
---|---|
Application: sqlservr.exe | SQL Server Database Engine instance MSSQLSERVER |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Application: sqlservr.exe | SQL Server Database Engine instance <INSTANCE> |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Service: MSSQLServerOLAPService | SQL Server Analysis Services instance MSSQLSERVER |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Service: MSOLAP$<INSTANCE> | SQL Server Analysis Services instance <INSTANCE> |
Service: SQLBrowser | SQL Server Browser |
Firewall Rule | Firewall Display Name |
---|---|
Port: tcp/80 | SQL Server Reporting Services 80 |
Port: tcp/443 | SQL Server Reporting Services 443 |
Firewall Rule | Firewall Display Name |
---|---|
Application: MsDtsSrvr.exe | SQL Server Integration Services Application |
Port: tcp/135 | SQL Server Integration Services Port |
Not all issues are listed here; see here for all open issues.
This example shows how to create the default rules for the supported features.
```powershell
Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Present'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            # Run the whole resource as this account.
            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Present'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            # Use this account only to access the path in SourcePath.
            SourceCredential = $SqlAdministratorCredential
        }
    }
}
```
This example shows how to remove the default rules for the supported features.
```powershell
Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Absent'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            # Run the whole resource as this account.
            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Absent'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            # Use this account only to access the path in SourcePath.
            SourceCredential = $SqlAdministratorCredential
        }
    }
}
```
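
To check what a configuration actually left on a machine, the display names from the rule tables above can be queried directly, together with each rule's profile and remote-address scope. This is an added example, not part of the SqlServerDsc module; the function names `Get-ExpectedSqlFirewallRuleName` and `Test-SqlFirewallRule` are hypothetical, and the feature-to-display-name mapping is copied from the tables on this page (use `MSSQLSERVER` as the instance name for a default instance).

```powershell
# Added example. Feature-to-display-name mapping copied from the tables on this page.
function Get-ExpectedSqlFirewallRuleName
{
    param ([Parameter(Mandatory)] [string] $InstanceName, [Parameter(Mandatory)] [string] $Features)

    $names = foreach ($feature in ($Features -split '\s*,\s*'))
    {
        switch ($feature)
        {
            'SQLENGINE' { "SQL Server Database Engine instance $InstanceName"; 'SQL Server Browser' }
            'AS'        { "SQL Server Analysis Services instance $InstanceName"; 'SQL Server Browser' }
            'RS'        { 'SQL Server Reporting Services 80'; 'SQL Server Reporting Services 443' }
            'IS'        { 'SQL Server Integration Services Application'; 'SQL Server Integration Services Port' }
            default     { Write-Warning "No rule table on this page for feature '$feature'." }
        }
    }

    # The Browser rule appears in more than one table; report it once.
    $names | Select-Object -Unique
}

function Test-SqlFirewallRule
{
    param ([Parameter(Mandatory)] [string] $InstanceName, [Parameter(Mandatory)] [string] $Features)

    foreach ($name in (Get-ExpectedSqlFirewallRuleName @PSBoundParameters))
    {
        # Requires the NetSecurity module (Windows Server 2012 or later).
        $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
        if (-not $rules) { [PSCustomObject] @{ DisplayName = $name; Found = $false }; continue }

        foreach ($rule in $rules)
        {
            [PSCustomObject] @{
                DisplayName   = $name
                Found         = $true
                Enabled       = $rule.Enabled
                Profile       = $rule.Profile
                # Scope: 'Any' means the rule matches every remote address.
                RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
                LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
            }
        }
    }
}

# Instance name and feature list taken from the examples on this page.
Test-SqlFirewallRule -InstanceName 'SQL2012' -Features 'SQLENGINE,AS,RS,IS' | Format-List
```

The `Profile` and `RemoteAddress` columns are the ones to review before relying on these rules on a host that is reachable from networks other than the intended client subnets.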