Restricting Database Server Communication


On a dedicated SQL Server database server, you often want to restrict communication to a specific SQL Server port over a particular protocol. By default, SQL Server listens on TCP port 1433, and UDP port 1434 is used for negotiation purposes.

The following steps restrict a database server so that it only accepts incoming connections on TCP port 1433 and UDP port 1434:

  • Create two filter actions: one to permit traffic and the other to block traffic. For details, see the Create filter actions procedure under "Restricting Web Server Communication" earlier in this How To.

  • Create two filter lists: one that matches all traffic and one that contains two filters that match TCP traffic destined for port 1433 and UDP traffic destined for port 1434. For details, see "Create IP filter lists and filters" under "Restricting Web Server Communication" earlier in this How To. The required filters are summarized below.

    • Enter the following values to create a filter that allows TCP over port 1433:

      • Source Address: Any IP address

      • Destination Address: My IP Address

      • Protocol: TCP

      • From Port: Any

      • To Port: 1433

    • Enter the following values to create a filter that allows UDP over port 1434:

      • Source Address: Any IP address

      • Destination Address: My IP Address

      • Protocol: UDP

      • From Port: Any

      • To Port: 1434

  • Create and apply an IPSec policy by repeating the procedure under "Restricting Web Server Communication" earlier in this How To.




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613
