Skip to content
johlju edited this page Jun 19, 2020 · 2 revisions

SqlWindowsFirewall

Parameters

Parameter Attribute DataType Description Allowed Values
Ensure Write String An enumerated value that describes if the SQL firewall rules are is expected to be enabled on the machine.
Present {default}
Absent
Present, Absent
SourcePath Write String UNC path to the root of the source files for installation.
Features Key String SQL features to enable firewall rules for.
InstanceName Key String SQL instance to enable firewall rules for.
DatabaseEngineFirewall Read Boolean Is the firewall rule for the Database Engine enabled?
BrowserFirewall Read Boolean Is the firewall rule for the Browser enabled?
ReportingServicesFirewall Read Boolean Is the firewall rule for Reporting Services enabled?
AnalysisServicesFirewall Read Boolean Is the firewall rule for Analysis Services enabled?
IntegrationServicesFirewall Read Boolean Is the firewall rule for the Integration Services enabled?
SourceCredential Write PSCredential Credentials used to access the path set in the parameter 'SourcePath'.

Description

The SqlWindowsFirewall DSC resource will set default firewall rules for the Database Engine, Analysis Services, SQL Browser, SQL Reporting Services, and Integration Services features.

Requirements

  • Target machine must be running Windows Server 2012 or later.

Firewall rules

Database Engine (SQLENGINE) - Default instance

Firewall Rule Firewall Display Name
Application: sqlservr.exe SQL Server Database Engine instance MSSQLSERVER
Service: SQLBrowser SQL Server Browser

Database Engine (SQLENGINE) - Named instance

Firewall Rule Firewall Display Name
Application: sqlservr.exe SQL Server Database Engine instance <INSTANCE>
Service: SQLBrowser SQL Server Browser

Analysis Services (AS) - Default instance

Firewall Rule Firewall Display Name
Service: MSSQLServerOLAPService SQL Server Analysis Services instance MSSQLSERVER
Service: SQLBrowser SQL Server Browser

Analysis Services (AS) - Named instance

Firewall Rule Firewall Display Name
Service: MSOLAP$<INSTANCE> SQL Server Analysis Services instance <INSTANCE>
Service: SQLBrowser SQL Server Browser

Reporting Services (RS)

Firewall Rule Firewall Display Name
Port: tcp/80 SQL Server Reporting Services 80
Port: tcp/443 SQL Server Reporting Services 443

Integration Services (IS)

Firewall Rule Firewall Display Name
Application: MsDtsSrvr.exe SQL Server Integration Services Application
Port: tcp/135 SQL Server Integration Services Port

Known issues

All issues are not listed here, see here for all open issues.

Examples

Example 1

This example shows how to create the default rules for the supported features.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Present'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Present'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            SourceCredential = $SqlAdministratorCredential
        }
    }
}

Example 2

This example shows how to remove the default rules for the supported features.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Absent'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Absent'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            SourceCredential = $SqlAdministratorCredential
        }
    }
}
Clone this wiki locally