Source: http://dsfnet.blogspot.kr/2013/04/windows-server-clustering-sql-server.html
Windows Server Failover Clustering/SQL Server Firewall Access Rule
This document identifies the firewall access rules that need to be requested for Windows Server Clustering/SQL Server. Many of these rules are set up for access across a Windows Server 2012 Multi-Subnet Cluster.
NOTE: It is recommended that you specify the specific IP addresses [or subnet mask] for all Windows Server Cluster and SQL Server nodes/hosts [including Availability Group Listeners] so the firewall rules will work properly.
SPECIAL NOTE: You need to review and, if needed, modify the dynamic port range on each Windows Server Cluster node/host to a company/policy-acceptable range for certain dynamic TCP/UDP traffic. The default range for Windows 2003 Server is 1025-5000, but it has been changed for Windows 2008 to 2012 Server to 49152-65535. The firewall rule for dynamic traffic only works if the range configured on the node matches the range the rule allows.
Refer to the following articles regarding the firewall port requirements.
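The SPECIAL NOTE above asks you to confirm that each node's dynamic port range matches the range you request in the firewall rule. The following PowerShell is an added example, not part of the original post: it reads the current TCP and UDP dynamic range with `netsh`, compares it against the policy range (the 49152-65535 default quoted above; an assumption you would replace with your own), and resets it only when it falls outside that range. It assumes an elevated session on Windows Server 2008 or later and English `netsh` output (the labels it parses are localized on non-English installs).

```powershell
# Added example (not from the original post): check a cluster node's dynamic
# (ephemeral) port range against the range used in the firewall rules.
# Assumptions: elevated PowerShell, Windows Server 2008+, English netsh output.

$PolicyStart = 49152   # assumed policy range; replace with your company's range
$PolicyEnd   = 65535

function Get-DynamicPortRange {
    param([ValidateSet('tcp','udp')][string]$Protocol)
    # netsh prints "Start Port      : 49152" and "Number of Ports : 16384".
    $text  = (netsh int ipv4 show dynamicport $Protocol) -join "`n"
    $start = [int]([regex]::Match($text, 'Start Port\s*:\s*(\d+)').Groups[1].Value)
    $count = [int]([regex]::Match($text, 'Number of Ports\s*:\s*(\d+)').Groups[1].Value)
    [pscustomobject]@{ Protocol = $Protocol; Start = $start; End = $start + $count - 1 }
}

function Test-DynamicPortRange {
    param([int]$Start, [int]$End)
    # Every port the OS can hand out must fall inside the range the firewall allows;
    # otherwise some RPC/cluster connections will be silently dropped.
    return ($Start -ge $PolicyStart) -and ($End -le $PolicyEnd)
}

function Set-DynamicPortRange {
    param([ValidateSet('tcp','udp')][string]$Protocol, [int]$Start, [int]$End)
    $num = $End - $Start + 1
    # netsh wants a start port and a count, not an end port.
    netsh int ipv4 set dynamicport $Protocol "start=$Start" "num=$num" | Out-Null
}

foreach ($proto in 'tcp','udp') {
    $r = Get-DynamicPortRange -Protocol $proto
    if (Test-DynamicPortRange -Start $r.Start -End $r.End) {
        Write-Host "$proto dynamic range $($r.Start)-$($r.End) is within policy"
    } else {
        Write-Warning "$proto dynamic range $($r.Start)-$($r.End) is outside policy; resetting"
        Set-DynamicPortRange -Protocol $proto -Start $PolicyStart -End $PolicyEnd
    }
}
```

Run it on every cluster node, not just one; a node whose range was changed by an old hardening script is the usual reason a multi-subnet cluster passes validation on one node and fails on another. The same `netsh` commands exist under `int ipv6` if the cluster also carries IPv6 traffic.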
Windows Server Clustering:

| Protocol | Port | Description |
|---|---|---|
| TCP/UDP | 53 | User & Computer Authentication [DNS] |
| TCP/UDP | 88 | User & Computer Authentication [Kerberos] |
| UDP | 123 | Windows Time [NTP] |
| TCP | 135 | Cluster DCOM Traffic [RPC, EPM] |
| UDP | 137 | User & Computer Authentication [NetLogon, NetBIOS] |
| UDP | 138 | DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service] |
| TCP | 139 | DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service] |
| UDP | 161 | SNMP |
| TCP/UDP | 162 | SNMP Traps |
| TCP/UDP | 389 | User & Computer Authentication [LDAP] |
| TCP/UDP | 445 | User & Computer Authentication [SMB, SMB2, CIFS] |
| TCP/UDP | 464 | User & Computer Authentication [Kerberos Change/Set Password] |
| TCP | 636 | User & Computer Authentication [LDAP SSL] |
| TCP | 3268 | Microsoft Global Catalog |
| TCP | 3269 | Microsoft Global Catalog [SSL] |
| TCP/UDP | 3343 | Cluster Network Communication |
| TCP | 5985 | WinRM 2.0 [Remote PowerShell] |
| TCP | 5986 | WinRM 2.0 HTTPS [Remote PowerShell SECURE] |
| TCP/UDP | 49152-65535 | Dynamic TCP/UDP [Defined Company/Policy {CAN BE CHANGED}] |
SQL Server:

| Protocol | Port | Description |
|---|---|---|
| TCP | 1433 | SQL Server/Availability Group Listener [Default Port {CAN BE CHANGED}] |
| UDP | 1434 | SQL Server Browser |
| UDP | 2382 | SQL Server Analysis Services Browser |
| TCP | 2383 | SQL Server Analysis Services Listener |
| TCP | 5022 | SQL Server DBM/AG Endpoint [Default Port {CAN BE CHANGED}] |
| UDP | 49152-65535 | Dynamic TCP/UDP [Defined Company/Policy {CAN BE CHANGED}] |
Example [Multi-Subnet Setup]:

- Subnet #1: 10.10.33.192/26
- Subnet #2: 10.11.33.192/26

| Traffic | Source IP Range | Destination IP Range | TCP Ports | UDP Ports |
|---|---|---|---|---|
| Active Directory | 10.10.33.192/26, 10.11.33.192/26 | [Active Directory Servers] | 53,88,389,464,636,3268,3269 | 53,88,389,464 |
| SCOM/SNMP | [SCOM/SNMP Servers] | 10.10.33.192/26, 10.11.33.192/26 | 162 | 161,162 |
| Windows Server Failover Clustering | 10.10.33.192/26, 10.11.33.192/26 | 10.11.33.192/26, 10.10.33.192/26 | 135,139,445,1433,2383,3343,5022,5985,5986 | 137,138,445,1434,2382,3343,49152-65535 |
| Windows Time | 10.10.33.192/26, 10.11.33.192/26 | [NTP Servers] | N/A | 123 |
| Client SQL Server Access | [Client Application Servers] | 10.10.33.192/26, 10.11.33.192/26 | 1433,2383 | 1434,2382 |
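The rules above are what you request from the network firewall team; the host firewall on each node should allow the same flows, scoped to the same subnets, rather than being opened to any address. The following PowerShell is an added example, not part of the original post: it turns the "Windows Server Failover Clustering Traffic" and "Client SQL Server Access Traffic" rows into inbound Windows Firewall rules with `New-NetFirewallRule`, restricted by `-RemoteAddress` to the two example subnets, and then lists them with their address scope for review. The client subnet 10.20.0.0/24 and the rule group name are placeholders; it assumes an elevated session on Windows Server 2012 or later (NetSecurity module).

```powershell
# Added example (not from the original post): host-firewall rules on a cluster
# node mirroring the example tables, scoped to the cluster and client subnets.
# Assumptions: elevated PowerShell on Windows Server 2012+; 10.20.0.0/24 is a
# placeholder for the client application servers' subnet.

$ClusterSubnets = @('10.10.33.192/26', '10.11.33.192/26')   # from the example tables
$ClientSubnets  = @('10.20.0.0/24')                         # placeholder, replace
$Group          = 'WSFC-SQL (managed)'                      # lets you list/remove as a set

# One entry per row of the example tables: name, protocol, local ports,
# and the remote subnets that are allowed to reach them.
$Rules = @(
    @{ Name = 'WSFC node-to-node TCP'; Protocol = 'TCP'
       Ports = @('135','139','445','1433','2383','3343','5022','5985','5986')
       Remote = $ClusterSubnets },
    @{ Name = 'WSFC node-to-node UDP'; Protocol = 'UDP'
       Ports = @('137','138','445','1434','2382','3343','49152-65535')
       Remote = $ClusterSubnets },
    @{ Name = 'SQL client access TCP'; Protocol = 'TCP'
       Ports = @('1433','2383'); Remote = $ClientSubnets },
    @{ Name = 'SQL client access UDP'; Protocol = 'UDP'
       Ports = @('1434','2382'); Remote = $ClientSubnets }
)

function New-ScopedInboundRule {
    param([hashtable]$Rule)
    # Recreate idempotently: remove any existing rule with the same display name.
    Get-NetFirewallRule -DisplayName $Rule.Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $Rule.Name -Group $Group `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $Rule.Protocol -LocalPort $Rule.Ports `
        -RemoteAddress $Rule.Remote | Out-Null
}

foreach ($r in $Rules) { New-ScopedInboundRule -Rule $r }

# Review: show each managed rule with its ports and remote-address scope, so a rule
# that accidentally allows "Any" stands out.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    $port = $_ | Get-NetFirewallPortFilter
    '{0,-24} {1,-4} {2,-48} from {3}' -f $_.DisplayName, $port.Protocol,
        ($port.LocalPort -join ','), $addr
}
```

Keeping the rules in a named group makes it easy to audit or remove them as a unit (`Get-NetFirewallRule -Group 'WSFC-SQL (managed)'`). The dynamic UDP range in the node-to-node rule must match what the SPECIAL NOTE asks you to set on the node; if you change the range in one place, change it in the other.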