Is it good practice to block default ports and change the default

Default Ports for SQL Server

Port / February 10, 2020

This topic describes how to configure the Database Engine to listen on multiple TCP ports in SQL Server 2017 by using SQL Server Configuration Manager. When TCP/IP is enabled for SQL Server, the Database Engine listens for incoming connections on a connection point consisting of an IP address and a TCP port number. The following procedures create a tabular data stream (TDS) endpoint, so that SQL Server will listen on an additional TCP port.

Issue the following statement to create an endpoint named CustomConnection for port 1500 for all available TCP addresses on the server.

    USE master;
    GO
    -- New T-SQL (TDS) endpoint listening on TCP port 1500 on every IP address
    CREATE ENDPOINT [CustomConnection]
    STATE = STARTED
    AS TCP
       (LISTENER_PORT = 1500, LISTENER_IP = ALL)
    FOR TSQL();
    GO

When you create a new Transact-SQL endpoint, connect permissions for public are revoked for the default TDS endpoint. If access to the public group is needed for the default endpoint, reapply this permission by using the GRANT CONNECT ON ENDPOINT::[TSQL Default TCP] to [public]; statement.

In SQL Server Configuration Manager, expand SQL Server Network Configuration, and then click Protocols for.

Expand Protocols for, and then click TCP/IP.

In the right pane, right-click each disabled IP address that you want to enable, and then click Enable.

Right-click IPAll, and then click Properties.

In the TCP Port box, type the ports that you want the Database Engine to listen on, separated by commas. In our example, if the default port 1433 is listed, type , 1500 so the box reads 1433, 1500, and then click OK.

Note

If you are not enabling the port on all IP addresses, configure the additional port in the property box only for the desired address. Then, in the console pane, right-click TCP/IP, click Properties, and in the Listen All box, select No.
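To confirm the result of the procedure above, the following added example (not part of the original topic) lists the T-SQL endpoints with their ports, shows which principals hold CONNECT on each one, and maps current sessions to the endpoint they arrived on. It assumes the endpoint name CustomConnection from the statement above and uses only the standard catalog views and DMVs; the last query needs VIEW SERVER STATE.

```sql
-- Added example: audit TDS listeners and CONNECT grants after creating
-- [CustomConnection]. Run as a login that can see server-level metadata.
USE master;
GO

-- 1. Every T-SQL endpoint with its listener port and state.
--    Expect [CustomConnection] on port 1500 with state_desc = STARTED.
SELECT e.name, e.endpoint_id, e.state_desc,
       e.port, e.is_dynamic_port, e.ip_address
FROM sys.tcp_endpoints AS e
WHERE e.type_desc = N'TSQL'
ORDER BY e.endpoint_id;

-- 2. Who may connect to each endpoint. After CREATE ENDPOINT, the row that
--    granted CONNECT on [TSQL Default TCP] to public should be gone unless
--    it was deliberately re-granted. A NULL grantee means no explicit grant.
SELECT e.name  AS endpoint_name,
       pr.name AS grantee,
       p.state_desc,
       p.permission_name
FROM sys.endpoints AS e
LEFT JOIN sys.server_permissions AS p
       ON p.class_desc      = N'ENDPOINT'
      AND p.major_id        = e.endpoint_id
      AND p.permission_name = N'CONNECT'
LEFT JOIN sys.server_principals AS pr
       ON pr.principal_id = p.grantee_principal_id
WHERE e.type_desc = N'TSQL'
ORDER BY e.name, pr.name;

-- 3. Which endpoint and local port each current session came in on.
--    Useful for spotting clients that still use the default listener.
SELECT c.session_id,
       e.name AS endpoint_name,
       c.local_tcp_port,
       c.client_net_address,
       c.net_transport
FROM sys.dm_exec_connections AS c
JOIN sys.endpoints AS e
  ON e.endpoint_id = c.endpoint_id
ORDER BY c.session_id;
GO
```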

Source: msdn.microsoft.com