Windows Server Failover Clustering/SQL Server Firewall Access Rule

The ports required for DC, Cluster and SQL Cluster setup should be as listed below.
I hope you find it useful.

Windows Server Clustering –
| TCP/UDP | Port | Description |
|---|---|---|
| TCP/UDP | 53 | User & Computer Authentication [DNS] |
| TCP/UDP | 88 | User & Computer Authentication [Kerberos] |
| UDP | 123 | Windows Time [NTP] |
| TCP | 135 | Cluster DCOM Traffic [RPC, EPM] |
| UDP | 137 | User & Computer Authentication [NetLogon, NetBIOS] |
| UDP | 138 | DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service] |
| TCP | 139 | DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service] |
| TCP/UDP | 162 | SNMP Traps |
| TCP/UDP | 389 | User & Computer Authentication [LDAP] |
| TCP/UDP | 445 | User & Computer Authentication [SMB, SMB2, CIFS] |
| TCP/UDP | 464 | User & Computer Authentication [Kerberos Change/Set Password] |
| TCP | 636 | User & Computer Authentication [LDAP SSL] |
| TCP | 3268 | Microsoft Global Catalog |
| TCP | 3269 | Microsoft Global Catalog [SSL] |
| TCP/UDP | 3343 | Cluster Network Communication |
| TCP | 5985 | WinRM 2.0 [Remote PowerShell] |
| TCP | 5986 | WinRM 2.0 HTTPS [Remote PowerShell SECURE] |
| TCP/UDP | 49152-65535 | Dynamic TCP/UDP [Defined Company/Policy {CAN BE CHANGED}] |

SQL Server –
| TCP/UDP | Port | Description |
|---|---|---|
| TCP | 1433 | SQL Server/Availability Group Listener [Default Port {CAN BE CHANGED}] |
| UDP | 1434 | SQL Server Browser |
| UDP | 2382 | SQL Server Analysis Services Browser |
| TCP | 2383 | SQL Server Analysis Services Listener |
| TCP | 5022 | SQL Server DBM/AG Endpoint [Default Port {CAN BE CHANGED}] |
| UDP | 49152-65535 | Dynamic TCP/UDP [Defined Company/Policy {CAN BE CHANGED}] |

Active Directory Traffic:
Source IP Range : Server’s IP Range
Destination IP Range [Active Directory Servers]
TCP Ports 53,88,389,464,636,3268,3269
UDP Ports 53,88,389,464

SCOM/SNMP Traffic:
Source IP Range [SCOM/SNMP Servers]
Destination IP Range,
TCP Ports 162
UDP Ports 161,162

Windows Server Failover Clustering Traffic:
Source IP Range : Server’s IP Range
Destination IP Range,
TCP Ports 135,139,445,1433,2383,3343,5022,5985,5986
UDP Ports 137,138,445,1434,2382,3343,49152-65535

Windows Time Traffic:
Source IP Range : Server’s IP Range (Node’s IP Subnet)
Destination IP Range [NTP Servers]
TCP Ports N/A
UDP Ports 123

Client SQL Server Access Traffic:
Source IP Range [Client Application Servers]
Destination IP Range : Server’s IP Range
TCP Ports 1433,2383 (If default port used)
UDP Ports 1434,2382
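
An added example (not part of the original post) that turns the traffic groups above into Windows Defender Firewall rules scoped by remote address, to be run on each cluster node. The address ranges are constructed placeholders, the rule group name `WSFC-SQL` is an assumption, and the SCOM/SNMP group is left out because the post gives no destination range for it.

```powershell
#Requires -RunAsAdministrator
# Added example. Address ranges are constructed placeholders (RFC 5737),
# not values from the post; replace them with your own before use.
$NodeSubnet  = '192.0.2.0/24'                  # "Server's IP Range" (cluster nodes)
$AppServers  = '198.51.100.0/24'               # "Client Application Servers"
$DomainCtrls = '203.0.113.10', '203.0.113.11'  # "Active Directory Servers"
$NtpServers  = '203.0.113.20'                  # "NTP Servers"
$RuleGroup   = 'WSFC-SQL'                      # assumed group name, used for review and cleanup

# One entry per traffic group and protocol; ports are copied from the lists above.
$Rules = @(
    @{ Name = 'WSFC intra-cluster'; Dir = 'Inbound'; Proto = 'TCP'; Peer = $NodeSubnet
       Ports = '135','139','445','1433','2383','3343','5022','5985','5986' }
    @{ Name = 'WSFC intra-cluster'; Dir = 'Inbound'; Proto = 'UDP'; Peer = $NodeSubnet
       Ports = '137','138','445','1434','2382','3343','49152-65535' }
    @{ Name = 'Client SQL access'; Dir = 'Inbound'; Proto = 'TCP'; Peer = $AppServers
       Ports = '1433','2383' }
    @{ Name = 'Client SQL access'; Dir = 'Inbound'; Proto = 'UDP'; Peer = $AppServers
       Ports = '1434','2382' }
    @{ Name = 'Active Directory'; Dir = 'Outbound'; Proto = 'TCP'; Peer = $DomainCtrls
       Ports = '53','88','389','464','636','3268','3269' }
    @{ Name = 'Active Directory'; Dir = 'Outbound'; Proto = 'UDP'; Peer = $DomainCtrls
       Ports = '53','88','389','464' }
    @{ Name = 'Windows Time'; Dir = 'Outbound'; Proto = 'UDP'; Peer = $NtpServers
       Ports = '123' }
)

foreach ($r in $Rules) {
    $params = @{
        DisplayName   = "$RuleGroup - $($r.Name) ($($r.Proto) $($r.Dir))"
        Group         = $RuleGroup
        Direction     = $r.Dir
        Protocol      = $r.Proto
        RemoteAddress = $r.Peer      # scope every rule to the peer range, never "Any"
        Action        = 'Allow'
        Profile       = 'Domain'
    }
    # Inbound rules match the port the node listens on; outbound rules match
    # the port on the remote server. Outbound allows only matter when the
    # profile's default outbound action is Block.
    if ($r.Dir -eq 'Inbound') { $params.LocalPort = $r.Ports } else { $params.RemotePort = $r.Ports }
    New-NetFirewallRule @params | Out-Null
}

# Review what was created.
Get-NetFirewallRule -Group $RuleGroup | Format-Table DisplayName, Direction, Enabled -AutoSize
```

If SQL Server or the DBM/AG endpoint listens on a non-default port, change 1433 and 5022 in the lists to match, since the post marks both as changeable.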

Enis Göktay
