Share via

Changing Custom 445 Port for SQL Log Shipping

Kiran Varekar 20 Reputation points
2025-11-04T17:01:27.8033333+00:00

Hello team,

We have a banking enclosed environment. Here we are planning to install SQL Server 2022 in DC and DR, and then there will be log shipping between DC and DR via shared network drive.

Port 445 cannot be provided due to some bank compliance policies. I wanted to know, is there any process by which we can modify the default port 445?

Regards,

Kiran Varekar

SQL Server Database Engine
0 comments

Answer recommended by moderator

  1. Marcin Policht 88,075 Reputation points MVP Volunteer Moderator
    2025-12-05T11:47:12.4933333+00:00

    For the most part - SMB over QUIC on Windows Server 2022 uses TLS 1.3 encryption. It is not just “UDP 443”; it is a fully encrypted, authenticated transport similar in security to HTTPS/HTTP-3. QUIC provides its own reliability, congestion control and encryption, so the connection is actually more secure than traditional SMB over TCP 445 and does not rely on TLS/SSL (SSL is an outdated term) at all.

    For firewall requirements, the port rule must be opened between the actual SQL Server hosts, not between the cluster virtual IPs. Log shipping copies files between servers using UNC paths, and SMB/QUIC operates at the host level. Effectively, UDP 443 must be allowed from the primary SQL Server node to the DR SQL Server node (and vice-versa if needed), and for all nodes that might participate in failover scenarios. The VIP does not carry SMB traffic, so no firewall changes are required for it.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 88,075 Reputation points MVP Volunteer Moderator
    2025-11-04T20:43:06.2+00:00

    AFAIK, SQL Server log shipping requires SMB (port 445) for file sharing so you can’t change the port. The workaround would be to use another file transfer mechanism instead of relying on SMB or set up an IPSec tunnel (although that would still involve the use of TCP at the endpoints).

    Alternatively, you might be able to leverage QUIC on Windows Server 2022+ which allows SMB file sharing over UDP port 443 instead of TCP port 445.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.