SqlWindowsFirewall

SqlWindowsFirewall

Parameters

Parameter	Attribute	DataType	Description	Allowed Values
Ensure	Write	String	Ensures that SQL Server services firewall rules are 'Present' or 'Absent' on the machine.	Present, Absent
SourcePath	Write	String	UNC path to the root of the source files for installation.
Features	Key	String	SQL Server features to enable firewall rules for.
InstanceName	Key	String	SQL Server instance to enable firewall rules for.
DatabaseEngineFirewall	Read	Boolean	Returns wether the firewall rule(s) for the SQL Server Database Engine is enabled.
BrowserFirewall	Read	Boolean	Returns wether the firewall rule(s) for the SQL Server Browser is enabled.
ReportingServicesFirewall	Read	Boolean	Returns wether the firewall rule(s) for SQL Server Reporting Services is enabled.
AnalysisServicesFirewall	Read	Boolean	Returns wether the firewall rule(s) for SQL Server Analysis Services is enabled.
IntegrationServicesFirewall	Read	Boolean	Returns wether the firewall rule(s) for the SQL Server Integration Services is enabled.
SourceCredential	Write	PSCredential	Credentials used to access the path set in the parameter SourcePath. This parameter is optional either if built-in parameter PsDscRunAsCredential is used, or if the source path can be access using the SYSTEM account.

Description

The SqlWindowsFirewall DSC resource will set default firewall rules for the Database Engine, Analysis Services, SQL Browser, SQL Reporting Services, and Integration Services features.

Requirements

• Target machine must be running Windows Server 2012 or later.

Firewall rules

Database Engine (SQLENGINE) - Default instance

Firewall Rule	Firewall Display Name
Application: sqlservr.exe	SQL Server Database Engine instance MSSQLSERVER
Service: SQLBrowser	SQL Server Browser

Database Engine (SQLENGINE) - Named instance

Firewall Rule	Firewall Display Name
Application: sqlservr.exe	SQL Server Database Engine instance <INSTANCE>
Service: SQLBrowser	SQL Server Browser

Analysis Services (AS) - Default instance

Firewall Rule	Firewall Display Name
Service: MSSQLServerOLAPService	SQL Server Analysis Services instance MSSQLSERVER
Service: SQLBrowser	SQL Server Browser

Analysis Services (AS) - Named instance

Firewall Rule	Firewall Display Name
Service: MSOLAP$<INSTANCE>	SQL Server Analysis Services instance <INSTANCE>
Service: SQLBrowser	SQL Server Browser

Reporting Services (RS)

Firewall Rule	Firewall Display Name
Port: tcp/80	SQL Server Reporting Services 80
Port: tcp/443	SQL Server Reporting Services 443

Integration Services (IS)

Firewall Rule	Firewall Display Name
Application: MsDtsSrvr.exe	SQL Server Integration Services Application
Port: tcp/135	SQL Server Integration Services Port

Known issues

All issues are not listed here, see here for all open issues.

Examples

Example 1

This example shows how to create the default rules for the supported features.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Present'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Create_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Present'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            SourceCredential = $SqlAdministratorCredential
        }
    }
}

Example 2

This example shows how to remove the default rules for the supported features.

Configuration Example
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName 'SqlServerDsc'

    node localhost
    {
        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2012'
        {
            Ensure               = 'Absent'
            Features             = 'SQLENGINE,AS,RS,IS'
            InstanceName         = 'SQL2012'
            SourcePath           = '\\files.company.local\images\SQL2012'

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        SqlWindowsFirewall 'Remove_FirewallRules_For_SQL2016'
        {
            Ensure           = 'Absent'
            Features         = 'SQLENGINE'
            InstanceName     = 'SQL2016'
            SourcePath       = '\\files.company.local\images\SQL2016'

            SourceCredential = $SqlAdministratorCredential
        }
    }
}