SqlWindowsFirewall

Parameters

Parameter	Attribute	DataType	Description	Allowed Values
Features	Key	String	SQL Server features to enable firewall rules for.
InstanceName	Key	String	SQL Server instance to enable firewall rules for.
Ensure	Write	String	Ensures that SQL Server services firewall rules are `'Present'` or `'Absent'` on the machine.	`Present`, `Absent`
SourceCredential	Write	PSCredential	Credentials used to access the path set in the parameter SourcePath. This parameter is optional either if built-in parameter PsDscRunAsCredential is used, or if the source path can be access using the SYSTEM account.
SourcePath	Write	String	UNC path to the root of the source files for installation.
AnalysisServicesFirewall	Read	Boolean	Returns wether the firewall rule(s) for SQL Server Analysis Services is enabled.
BrowserFirewall	Read	Boolean	Returns wether the firewall rule(s) for the SQL Server Browser is enabled.
DatabaseEngineFirewall	Read	Boolean	Returns wether the firewall rule(s) for the SQL Server Database Engine is enabled.
IntegrationServicesFirewall	Read	Boolean	Returns wether the firewall rule(s) for the SQL Server Integration Services is enabled.
ReportingServicesFirewall	Read	Boolean	Returns wether the firewall rule(s) for SQL Server Reporting Services is enabled.

Description

The SqlWindowsFirewall DSC resource will set default firewall rules for the Database Engine, Analysis Services, SQL Browser, SQL Reporting Services, and Integration Services features.

Requirements

Target machine must be running Windows Server 2012 or later.

Firewall rules

Database Engine (SQLENGINE) - Default instance

Firewall Rule	Firewall Display Name
Application: sqlservr.exe	SQL Server Database Engine instance MSSQLSERVER
Service: SQLBrowser	SQL Server Browser

Database Engine (SQLENGINE) - Named instance

Firewall Rule	Firewall Display Name
Application: sqlservr.exe	SQL Server Database Engine instance <INSTANCE>
Service: SQLBrowser	SQL Server Browser

Analysis Services (AS) - Default instance

Firewall Rule	Firewall Display Name
Service: MSSQLServerOLAPService	SQL Server Analysis Services instance MSSQLSERVER
Service: SQLBrowser	SQL Server Browser

Analysis Services (AS) - Named instance

Firewall Rule	Firewall Display Name
Service: MSOLAP$<INSTANCE>	SQL Server Analysis Services instance <INSTANCE>
Service: SQLBrowser	SQL Server Browser

Reporting Services (RS)

Firewall Rule	Firewall Display Name
Port: tcp/80	SQL Server Reporting Services 80
Port: tcp/443	SQL Server Reporting Services 443

Integration Services (IS)

Firewall Rule	Firewall Display Name
Application: MsDtsSrvr.exe	SQL Server Integration Services Application
Port: tcp/135	SQL Server Integration Services Port

Known issues

All issues are not listed here, see here for all open issues.

Examples

Example 1

This example shows how to create the default rules for the supported features.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Present'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Present'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            SourceCredential = $SqlAdministratorCredential
        }
    }
}

Example 2

This example shows how to remove the default rules for the supported features.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Absent'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Absent'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            SourceCredential = $SqlAdministratorCredential
        }
    }
}

Home

SqlWindowsFirewall

Parameters

Description

Requirements

Firewall rules

Database Engine (SQLENGINE) - Default instance

Database Engine (SQLENGINE) - Named instance

Analysis Services (AS) - Default instance

Analysis Services (AS) - Named instance

Reporting Services (RS)

Integration Services (IS)

Known issues

Examples

Example 1

Example 2

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!