SQL Server Ports
Quick cheat sheet for port numbers used by SQL Server services or services that SQL Server may depend on:
| 21 | TCP | FTP (replication) |
| 80 | TCP | HTTP endpoints, Reporting Services, HTTP replication |
| 135 | TCP & UDP | RPC, WMI, MSDTC, SQL Agent file copy, and TSQL Debugger (RPC used for multiple purposes including SSIS and clustering.) |
| 137 | UDP | File & Print Sharing (replication) and Cluster Admin |
| 138 | UDP | File & Print Sharing (replication) |
| 139 | TCP | FileStream and NetBIOS Session Service (clustering) |
| 443 | TCP | HTTPS endpoints and Reporting Services |
| 445 | TCP & UDP | FileStream, SMB (clustering), and File & Print Sharing |
| 500 | UDP | IPSec |
| 860 | TCP | iSCSI |
| 1024-5000 | TCP | Original dynamic ports for named instances. (WinSock standard.)(See ports 49152-65535.) The DoD Database STIG requires static ports. |
| 1433 | TCP | SQL Server database engine |
| 1434 | TCP & UDP | SQL Server database engine, DAC, and SQL Server's "Browse" button. |
| 2382 | UDP | Analysis Serviceswhen using dynamic ports with named instances |
| 2383 | TCP | Analysis Services |
| 2393-2394 | TCP | Analysis Services version 7 |
| 2725 | TCP | Analysis Services |
| 3260 | TCP | iSCSI |
| 3343 | UDP | Cluster network driver |
| 3389 | TCP | Remote Desktop Protocol (RDP) |
| 3882 | TCP | DTS/SSIS |
| 4022 | TCP | Conventional port for the SQL Broker service |
| 4500 | UDP | IPSec |
| 5000-5099 | UDP | Clustering |
| 5022 | TCP | AlwaysOn's default port for primary and secondary replicas |
| 7022 | TCP | Conventional port for Database Mirroring |
| 8011-8031 | UDP | Clustering internode RPC |
| 49152-65535 | TCP | Latest dynamic ports for named instances. (WinSock standard.)(See ports 1024-5000.) The DoD Database STIG requires static ports. |
Microsoft recommends non-default ports for maximum security.
Check ports in use: SELECT ServerProperty("ProcessID")
At a command prompt: "netstat -ano"
AlwaysOn Ports
- Each instance w an Availability Group (AG) must have a database mirroring endpoint, and they endpoints bust be started (query sys.database_mirroring_endpoints and sys.tcp_endpoints).
- Logins from a remote server must have CONNECT permission. Each instance must have access to ports on all partners.
Resources: Windows Firewall & SQL Server, Ports that DBAs Need to Know, and KB968872
Comments
Anonymous
January 01, 2003
Hi Freek, I wanted to be comprehensive, and if you're using FTP as part of SQL Server replication, you're definitely dependent on port 21. Likewise, I know DBAs who can normally manage an instance of SQL Server by remoting into the server, which means they're dependent on port 3389. They are "SQL Server" ports, but they could be involved in SQL Server issues. JDAnonymous
July 04, 2012
Hi! Some ports you mention, like e.g. 21 and 3389, I would not categorize as ports that SQL Server would use or be dependent upon. Kind regards, Freek Berson themicrosoftplatform.netAnonymous
February 10, 2016
Hi
Good (old) article but think 2382 UDP (for Analysis Services when using dynamic ports with named instances) should be 2382 TCP not UDP (https://msdn.microsoft.com/en-us/library/ms174937.aspx).
Kind regards