Windows Server Fail-over Clustering / SQL Cluster Firewall Access Rules


Windows Server Clustering
TCP/UDP Port Description
TCP/UDP 53 User & Computer Authentication [DNS]
TCP/UDP 88 User & Computer Authentication [Kerberos]
UDP 123 Windows Time [NTP]
TCP 135 Cluster DCOM Traffic [RPC, EPM]
UDP 137 User & Computer Authentication [NetLogon, NetBIOS]
UDP 138 DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service]
TCP 139 DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service]
UDP 161 SNMP
TCP/UDP 162 SNMP Traps
TCP/UDP 389 User & Computer Authentication [LDAP]
TCP/UDP 445 User & Computer Authentication [SMB, SMB2, CIFS]
TCP/UDP 464 User & Computer Authentication [Kerberos Change/Set Password]
TCP 636 User & Computer Authentication [LDAP SSL]
TCP 3268 Microsoft Global Catalog
TCP 3269 Microsoft Global Catalog [SSL]
TCP/UDP 3343 Cluster Network Communication
TCP 5985 WinRM 2.0 [Remote PowerShell]
TCP 5986 WinRM 2.0 HTTPS [Remote PowerShell SECURE]
TCP/UDP 49152-65535 Dynamic TCP/UDP [CAN BE CHANGED]

SQL Server 
TCP/UDP Port Description
TCP 1433 SQL Server/Availability Group Listener [CAN BE CHANGED]
UDP 1434 SQL Server Browser
UDP 2382 SQL Server Analysis Services Browser
TCP 2383 SQL Server Analysis Services Listener
TCP 5022 SQL Server DBM/AG Endpoint [CAN BE CHANGED]
UDP 49152-65535 Dynamic TCP/UDP [CAN BE CHANGED]

Active Directory Traffic
Source IP Range: Server’s IP Range
Destination IP Range: Active Directory Servers
TCP Ports 53,88,389,464,636,3268,3269
UDP Ports 53,88,389,464

Windows Server Fail-over Clustering Traffic
TCP Ports 135,139,445,1433,2383,3343,5022,5985,5986
UDP Ports 137,138,445,1434,2382,3343,49152-65535

Windows Time Traffic
TCP Ports N/A
UDP Ports 123

Client SQL Server Access Traffic
TCP Ports 1433,2383 (If default port used)
UDP Ports 1434,2382

For a comprehensive list of services and their associated network port numbers, please refer to the Microsoft Official Guide.

[source: Microsoft]