Configuring SQL Server Port Access for SharePoint Environments: A Technical Guide


Introduction

In a Microsoft SharePoint environment—whether on-premises or hybrid—Microsoft SQL Server plays a critical role as the data backbone. SharePoint stores its configuration, content, service applications, and search data in SQL Server databases. Ensuring proper communication between SharePoint servers and SQL Server instances is not only a matter of functionality but also one of security and performance.

One of the most overlooked but essential configuration tasks during SharePoint deployment or troubleshooting is the firewall rule configuration for SQL Server communication. This article provides a detailed technical guide for configuring SQL Server port access, focusing on ports that must be opened in a Windows Firewall or network firewall to allow proper operation of a SharePoint environment.


Default SQL Server Communication Ports

Microsoft SQL Server uses a set of default ports depending on the configuration of the instance (default vs. named) and the services enabled. Below are the most commonly used ports and their roles.

  1. TCP 1433
    This is the default port used by the SQL Server Database Engine for the default instance. SharePoint typically connects to this port unless configured otherwise.
  2. UDP 1434
    Used by the SQL Server Browser service. This is critical when using named instances, as it helps client applications discover the dynamic TCP port to which a named instance is listening.
  3. Dynamic TCP Ports (1024–65535)
    When a named instance of SQL Server is used, it may use a dynamic TCP port, unless configured to use a static port.
  4. TCP 2383
    This is the default port for SQL Server Analysis Services (SSAS).
  5. TCP 2382
    Used by the SQL Server Browser to redirect client connections to SSAS instances.
  6. TCP 135 (RPC)
    Required for some remote procedure call operations, especially when using DCOM and SQL Server Management Tools for remote operations.
  7. TCP 445 and TCP 139
    Used for SMB communication (file sharing), sometimes relevant during backup operations or remote PowerShell tasks.
  8. TCP 4022
    Used by SQL Server Service Broker, which may be used in advanced SharePoint custom solutions or third-party integrations.
  9. Custom ports
    It’s possible to configure SQL Server to listen on custom static ports, especially in hardened or DMZ environments.

Static vs. Dynamic Port Allocation

By default, SQL Server named instances use dynamic ports, which are assigned at startup. This can complicate firewall rules. For environments like SharePoint, it is strongly recommended to configure static ports for predictability and ease of network rule configuration.

To set a static port:

  1. Open SQL Server Configuration Manager.
  2. Navigate to SQL Server Network Configuration > Protocols for [InstanceName].
  3. Open the TCP/IP properties.
  4. Under the IP Addresses tab, clear the “TCP Dynamic Ports” field and set a fixed value under “TCP Port”.
  5. Restart the SQL Server service.
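
To confirm the result on the SQL Server host, the following added example (not part of the original article) reads each instance's TCP settings from the registry and reports whether it is on a static or a dynamic port. It assumes the instance listens on all addresses, so it reads the IPAll entry, and it does not look at 32-bit instances under Wow6432Node.

```powershell
# Added example: report static vs. dynamic TCP port per local SQL Server instance.
# Read-only; run in a PowerShell session on the SQL Server host.
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# "Instance Names\SQL" maps each instance name to its instance ID,
# which is the name of the registry key holding that instance's settings.
$instances = Get-Item -Path "$root\Instance Names\SQL"

foreach ($name in $instances.GetValueNames()) {
    $id    = $instances.GetValue($name)
    $ipAll = Get-ItemProperty -Path "$root\$id\MSSQLServer\SuperSocketNetLib\Tcp\IPAll"

    # A non-empty TcpDynamicPorts value means the port is chosen at startup.
    $mode = if ([string]::IsNullOrEmpty($ipAll.TcpDynamicPorts)) { 'Static' } else { 'Dynamic' }

    [pscustomobject]@{
        Instance        = $name
        TcpPort         = $ipAll.TcpPort
        TcpDynamicPorts = $ipAll.TcpDynamicPorts
        Mode            = $mode
    }
}
```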

Firewall Configuration Guidelines

For Windows Firewall, follow these steps:

  1. Open Windows Defender Firewall with Advanced Security.
  2. Go to Inbound Rules > New Rule.
  3. Choose Port, then TCP, and enter the necessary port (e.g., 1433).
  4. Allow the connection.
  5. Apply to Domain, Private, and/or Public profiles as needed.
  6. Name the rule (e.g., “SQL Server Port 1433”) and finish.

Repeat this for each required port.
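
The same rules created from an elevated PowerShell session, as an added example that is not from the original article. It also limits each rule to the SharePoint servers' addresses, as item 1 under Security Considerations recommends; the addresses, the second rule's name, and the choice of the Domain profile are assumptions to adjust.

```powershell
# Added example: create inbound rules for SQL Server, scoped to SharePoint servers.
# Constructed values: replace the addresses and ports with those of your farm.
$sharePointServers = @('10.0.10.11', '10.0.10.12')   # placeholder addresses

$rules = @(
    @{ Name = 'SQL Server Port 1433';         Protocol = 'TCP'; Port = 1433 },
    @{ Name = 'SQL Server Browser UDP 1434';  Protocol = 'UDP'; Port = 1434 }
)

foreach ($r in $rules) {
    # Do not create a duplicate if a rule with this display name already exists.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$($r.Name)' already exists; skipping."
        continue
    }

    $params = @{
        DisplayName   = $r.Name
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $r.Protocol
        LocalPort     = $r.Port
        RemoteAddress = $sharePointServers   # only these hosts may connect
        Profile       = 'Domain'             # assumption: domain-joined servers
    }
    New-NetFirewallRule @params
}
```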

For enterprise environments using perimeter firewalls, these ports must be explicitly allowed between SharePoint servers and the SQL back-end. Network segmentation and access control lists (ACLs) should ensure that only designated application servers can communicate with SQL.


Security Considerations

  1. Restrict access to SQL Server ports to only the SharePoint servers using IP whitelisting or VLAN rules.
  2. Use encryption via SSL/TLS for SQL Server connections.
  3. Regularly monitor logs for unusual port activity.
  4. Avoid exposing SQL Server ports to the public internet.
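
A check for items 1 and 4, as an added example that is not from the original article: it lists enabled inbound Allow rules on the local Windows Firewall that cover one of the ports named in this guide while accepting any remote address. The port list is an assumption; add any custom static port you have configured.

```powershell
# Added example: find inbound Allow rules that open a SQL Server port to any source.
# Read-only; run on the SQL Server host.
$sqlPorts = 1433, 1434, 2382, 2383, 4022   # ports named in this article

# True when a LocalPort entry ('Any', '1433', '1024-65535') covers the port.
function Test-PortCovered {
    param([string]$Entry, [int]$Port)
    if ($Entry -eq 'Any') { return $true }
    if ($Entry -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Entry -eq "$Port")
}

Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule       = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter

        # Collect every SQL port that this rule's LocalPort entries cover.
        $covered = foreach ($p in $sqlPorts) {
            foreach ($entry in @($portFilter.LocalPort)) {
                if (Test-PortCovered -Entry $entry -Port $p) { $p; break }
            }
        }

        # Report the rule only if it is not restricted by remote address.
        if ($covered -and (@($addrFilter.RemoteAddress) -contains 'Any')) {
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                Protocol      = $portFilter.Protocol
                SqlPorts      = $covered -join ','
                RemoteAddress = 'Any'
            }
        }
    }
```

Each rule in the output is a candidate for a RemoteAddress scope or for removal.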

Conclusion

Properly configuring firewall rules for SQL Server is vital in ensuring reliable SharePoint operation. It is recommended to use static ports for predictable behavior and implement least privilege principles when opening network paths. Understanding the port requirements and configuring firewalls accordingly helps maintain a secure, performant SharePoint environment.


Summary Table: SQL Server Port Requirements for SharePoint

| Port | Protocol | Purpose | Applies To | Recommended |
|---|---|---|---|---|
| 1433 | TCP | Default SQL Server instance | Default instance communication | Yes |
| 1434 | UDP | SQL Server Browser for named instances | Named instance discovery | Yes |
| 2383 | TCP | SQL Server Analysis Services | SSAS | Optional |
| 2382 | TCP | Redirect to SSAS instance | SSAS | Optional |
| 135 | TCP | RPC / DCOM communications | Management tools / PowerShell | Conditional |
| 445, 139 | TCP | SMB file sharing | Backups, network shares | Conditional |
| 4022 | TCP | SQL Server Service Broker | Advanced scenarios | Optional |
| Custom | TCP | Static port for named instance | Hardened environments | Yes |

Published by Edvaldo Guimrães Filho