Configuring a Windows Firewall for Integration Services Access
The Windows Firewall system helps prevent unauthorized access to computer resources over a network connection. To access Integration Services through this firewall, you have to configure the firewall to enable access.
To manage packages that are stored on a remote server, you do not have to connect to the instance of the Integration Services service on that remote server. Instead, edit the configuration file for the Integration Services service so that SQL Server Management Studio displays the packages that are stored on the remote server. For more information, see Configuring the Integration Services (SSIS) Service.
The Integration Services service uses the DCOM protocol. For more information about how the DCOM protocol works through firewalls, see the article, "Using Distributed COM with Firewalls," in the MSDN Library.
There are many firewall systems available. If you are running a firewall other than Windows Firewall, see your firewall documentation for information that is specific to the system you are using.
If the firewall supports application-level filtering, you can use the user interface that Windows provides to specify the exceptions that are allowed through the firewall, such as programs and services. Otherwise, you have to configure DCOM to use a limited set of TCP ports. The Microsoft Web site link previously provided includes information about how to specify the TCP ports to use.
The Integration Services service uses port 135, and the port cannot be changed. You have to open TCP port 135 for access to the service control manager (SCM). SCM performs tasks such as starting and stopping Integration Services services and transmitting control requests to the running service.
The information in the following section is specific to Windows Firewall. You can configure the Windows Firewall system by running a command at the command prompt, or by setting properties in the Windows Firewall dialog box.
For more information about the default Windows firewall settings, and a description of the TCP ports that affect the Database Engine, Analysis Services, Reporting Services, and Integration Services, see Configuring the Windows Firewall to Allow SQL Server Access.
You can use the following commands to open TCP port 135, add MsDtsSrvr.exe to the exception list, and specify the scope of unblocking for the firewall.
To configure a Windows firewall using the Command Prompt window
Run the command: netsh firewall add portopening protocol=TCP port=135 name="RPC (TCP/135)" mode=ENABLE scope=SUBNET
Run the command: netsh firewall add allowedprogram program="%ProgramFiles%\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" name="SSIS Service" scope=SUBNET
To open the firewall for all computers, and also for computers on the Internet, replace scope=SUBNET with scope=ALL.
The following procedure describes how to use the Windows user interface to open TCP port 135, add MsDtsSrvr.exe to the exception list, and specify the scope of unblocking for the firewall.
To configure a firewall using the Windows Firewall dialog box
To configure the Windows Firewall, this procedure uses the Windows Firewall item in Control Panel. The Windows Firewall item only configures the firewall for the current network location profile. However, you can also configure the Windows Firewall by using the netsh command line tool or the Microsoft Management Console (MMC) snap-in named Windows Firewall with Advanced Security. For more information about these tools, see Configuring the Windows Firewall to Allow SQL Server Access.