IT Nota

Default Ports Used by SQL Server

Microsoft SQL Server LogoThe most often asked question when configuring a firewall for SQL Server access is what ports are used by SQL Server? If your SQL Server uses default port numbers, it’s important to have TCP port 1343 & UDP port 1344 at the minimum opened. The rest port numbers are listed on the table below.

It’s important to note that a named instance will have a dynamic port number other than 1433 used and it might be better be configured to use a static port instead.

Ports Used by SQL Server Database Engine

Scenario

Port

Comments

SQL Server default instance running over TCP

TCP port 1433

This is the most common port allowed through the firewall. It applies to routine connections to the default installation of the Database Engine, or a named instance that is the only instance running on the computer. (Named instances have special considerations. See Dynamic Ports later in this topic.)

SQL Server named instances in the default configuration

The TCP port is a dynamic port determined at the time the Database Engine starts.

See the discussion below in the section Dynamic Ports. UDP port 1434 might be required for the SQL Server Browser Service when you are using named instances.

SQL Server named instances when they are configured to use a fixed port

The port number configured by the administrator.

See the discussion below in the section Dynamic Ports.

Dedicated Admin Connection

TCP port 1434 for the default instance. Other ports are used for named instances. Check the error log for the port number.

By default, remote connections to the Dedicated Administrator Connection (DAC) are not enabled. To enable remote DAC, use the Surface Area Configuration facet. For more information, see Surface Area Configuration.

SQL Server Browser service

UDP port 1434

The SQL Server Browser service listens for incoming connections to a named instance and provides the client the TCP port number that corresponds to that named instance. Normally the SQL Server Browser service is started whenever named instances of the Database Engine are used. The SQL Server Browser service does not have to be started if the client is configured to connect to the specific port of the named instance.

SQL Server instance running over an HTTP endpoint.

Can be specified when an HTTP endpoint is created. The default is TCP port 80 for CLEAR_PORT traffic and 443 for SSL_PORT traffic.

Used for an HTTP connection through a URL.

SQL Server default instance running over an HTTPS endpoint.

TCP port 443

Used for an HTTPS connection through a URL. HTTPS is an HTTP connection that uses secure sockets layer (SSL).

Service Broker

TCP port 4022. To verify the port used, execute the following query:

SELECT name, protocol_desc, port, state_desc

FROM sys.tcp_endpoints

WHERE type_desc = ‘SERVICE_BROKER’

There is no default port for SQL Server Service Broker, but this is the conventional configuration used in Books Online examples.

Database Mirroring

Administrator chosen port. To determine the port, execute the following query:

SELECT name, protocol_desc, port, state_desc FROM sys.tcp_endpoints

WHERE type_desc = ‘DATABASE_MIRRORING’

There is no default port for Database mirroring however Books online examples use TCP port 7022. It is very important to avoid interrupting an in-use mirroring endpoint, especially in high-safety mode with automatic failover. Your firewall configuration must avoid breaking quorum. For more information, see Specify a Server Network Address (Database Mirroring).

Replication

Replication connections to SQL Server use the typical regular Database Engine ports (TCP port 1433 for the default instance, etc.)

Web synchronization and FTP/UNC access for replication snapshot require additional ports to be opened on the firewall. To transfer initial data and schema from one location to another, replication can use FTP (TCP port 21), or sync over HTTP (TCP port 80) or File and Print Sharing (TCP port 137,138, or 139).

For sync over HTTP, replication uses the IIS endpoint (ports for which are configurable but is port 80 by default), but the IIS process connects to the backend SQL Server through the standard ports (1433 for the default instance.

During Web synchronization using FTP, the FTP transfer is between IIS and the SQL Server publisher, not between subscriber and IIS.

Transact-SQL debugger

TCP port 135

See Special Considerations for Port 135

The IPsec exception might also be required.

If using Visual Studio, on the Visual Studio host computer, you must also add Devenv.exe to the Exceptions list and open TCP port 135.

If using Management Studio, on the Management Studio host computer, you must also add ssms.exe to the Exceptions list and open TCP port 135. For more information, see Configure the Transact-SQL Debugger.

Further Reading

Configure the Windows Firewall to Allow SQL Server Access
TCP/IP port numbers required to communicate to SQL over a firewall

Buy me a coffee?

Buy me a coffee If you find any of the articles or demos helpful, please consider supporting my work here, you'll have my big thanks!

Recent Posts

Tags

.NET .NET Core AdSense ASP.NET Cdonts Dll Classic ASP Code Editor ETL FSharp Genesis Framework Git Google HP Asset Manager HTML5 Hugo IIS Information Security Internet Internet Information Services iOS JAMStack Linux macOS Microsoft Microsoft SQL Server MVC PHP PowerShell Python Simple Mail Transfer Protocol Smtp Server SQL SQL Server SSIS SSMS SSRS Sublime Text Visual Studio Visual Studio Code VPN Windows Windows 8 Windows 10 Windows 2012 Windows Server