| Author | Andreas Jordan (@JordanOrdix), ordix.de |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Get-DbaFirewallRule on GitHub.
Want to see the Bill Of Health for this command? Check out Get-DbaFirewallRule.
Retrieves Windows firewall rules for SQL Server components from target computers for network troubleshooting and security auditing.
Retrieves Windows firewall rules for SQL Server components from target computers, helping DBAs troubleshoot connectivity issues and audit network security configurations. This command queries firewall rules for the SQL Server Engine, Browser service, and Dedicated Admin Connection (DAC) to identify which ports are open and what programs are allowed through the firewall.
Most useful when SQL Server connections are failing and you need to verify firewall rules are correctly configured, or when conducting security audits to document which SQL Server ports are exposed. The command only works with standardized firewall rules created by New-DbaFirewallRule, as it relies on specific group names and naming conventions.
This is a wrapper around Get-NetFirewallRule executed at the target computer, so the NetSecurity PowerShell module must be available on the remote system. The command returns detailed information including port numbers, protocols, and executable paths for each firewall rule.
The functionality is currently limited. Help to extend the functionality is welcome.
As long as you can read this note here, there may be breaking changes in future versions.
So please review your scripts using this command after updating dbatools.
Get-DbaFirewallRule
[-SqlInstance] <DbaInstanceParameter[]>
[[-Credential] <PSCredential>]
[[-Type] <String[]>]
[-EnableException]
[<CommonParameters>]
PS C:\> Get-DbaFirewallRule -SqlInstance SRV1
Returns the firewall rule for the default instance on SRV1.
In case the instance is not listening on port 1433, it also returns the firewall rule for the SQL Server Browser.
PS C:\> Get-DbaFirewallRule -SqlInstance SRV1\SQL2016 -Type Engine
Returns only the firewall rule for the instance SQL2016 on SRV1.
PS C:\> Get-DbaFirewallRule -SqlInstance SRV1\SQL2016 -Type Browser
PS C:\> Get-DbaFirewallRule -SqlInstance SRV1 -Type Browser
Both commands return the firewall rule for the SQL Serer Browser on SRV1.
As the Browser is not bound to a specific instance, only the computer part of SqlInstance is used.
PS C:\> Get-DbaFirewallRule -SqlInstance SRV1\SQL2016 -Type AllInstance
Returns all firewall rules on the computer SRV1 related to SQL Server.
The value "AllInstance" only uses the computer name part of SqlInstance.
The target SQL Server instance or instances.
| Alias | |
| Required | True |
| Pipeline | true (ByValue) |
| Default Value |
Credential object used to connect to the Computer as a different user.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Specifies which SQL Server firewall rule types to retrieve from the target computer.
Use this when you need to focus on specific SQL Server components during network troubleshooting or security audits.
Valid values are:
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | |
| Accepted Values | Engine,Browser,DAC,AllInstance |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |