Export (0) Print
Expand All

How to: Configure Firewall Settings (Azure SQL Database)

Updated: October 10, 2014

Microsoft Azure SQL Database uses firewall rules to allow connections to your servers and databases. You can define server-level and database-level firewall settings for the master or a user database in your Azure SQL Database server to selectively allow access to the database.

ImportantImportant
To allow applications from Azure to connect to your database server, Azure connections must be enabled. For more information about firewall rules and enabling connections from Azure, see Azure SQL Database Firewall.

Server-Level Firewall Rules

Server-level firewall rules can be created and managed through the Microsoft Azure Management Portal, Transact-SQL, Azure PowerShell, or REST API.

Manage Server-Level Firewall Rules through Management Portal

  1. From the Management Portal, click SQL Databases. All databases and their corresponding servers are listed here.

  2. Click Servers at the top of the page.

  3. Click the arrow beside the server for which you want to manage firewall rules.

  4. Click Configure at the top of the page.

    • To add the current computer, click Add to the Allowed IP Addresses.

    • To add additional IP addresses, type in the Rule Name, Start IP Address, and End IP Address.

    • To modify an existing rule, click any of the fields in the rule and modify.

    • To delete an existing rule, hover over the rule until the X appears at the end of the row. Click X to remove the rule.

  5. Click Save at the bottom of the page to save the changes.

Manage Server-Level Firewall Rules through Transact-SQL

  1. Launch a query window through the Management Portal or through SQL Server Management Studio.

  2. Verify you are connected to the master database.

  3. Server-level firewall rules can be created, updated, or deleted from within the query window.

    1. To create or update server-level firewall rules, execute the sp_set_firewall rule stored procedure. The following example enables a range of IP addresses on the server Contoso.

      EXEC sp_set_firewall_rule @name = N'ContosoFirewallRule', @start_ip_address = '192.168.1.1', @end_ip_address = '192.168.1.10'
      
      
    2. To delete a server-level firewall rule, execute the sp_delete_firewall_rule stored procedure. The following example deletes the rule named ContosoFirewallRule.

      EXEC sp_delete_firewall_rule @name = N'ContosoFirewallRule'
      
      

Manage Server-Level Firewall Rules through Azure PowerShell

  1. Launch Azure PowerShell.

  2. Server-level firewall rules can be created, updated, and deleted using Azure PowerShell.

    1. To create a new server-level firewall rule, execute the New-AzureSqlDatabaseServerFirewallRule cmdlet. The following example enables a range of IP addresses on the server Contoso.

      New-AzureSqlDatabaseServerFirewallRule –StartIPAddress 192.168.1.1 –EndIPAddress 192.168.1.10 –RuleName ContosoFirewallRule –ServerName Contoso
      
      
    2. To modify an existing server-level firewall rule, execute the Set-AzureSqlDatabaseServerFirewallRule cmdlet. The following example changes the range of acceptable IP addresses for the rule named ContosoFirewallRule.

      Set-AzureSqlDatabaseServerFirewallRule –StartIPAddress 192.168.1.4 –EndIPAddress 192.168.1.10 –RuleName ContosoFirewallRule –ServerName Contoso
      
      
    3. To delete an existing server-level firewall rule, execute the Remove-AzureSqlDatabaseServerFirewallRule cmdlet. The following example deletes the rule named ContosoFirewallRule.

      Remove-AzureSqlDatabaseServerFirewallRule –RuleName ContosoFirewallRule –ServerName Contoso
      
      

Manage Server-Level Firewall Rules through REST API

  1. Managing firewall rules through REST API must be authenticated. For information, see Authenticating Service Management Requests.

  2. Server-level rules can be created, updated, or deleted using REST API

    1. To create or update a server-level firewall rule, execute the POST method using the following:

      https://management.core.windows.net:8443/{subscriptionId}/services/sqlservers/servers/Contoso/firewallrules
      
      

      Request Body

      <ServiceResource xmlns="http://schemas.microsoft.com/windowsazure">
        <Name>ContosoFirewallRule</Name>
        <StartIPAddress>192.168.1.4</StartIPAddress>
        <EndIPAddress>192.168.1.10</EndIPAddress>
      </ServiceResource>
      
      
    2. To remove an existing server-level firewall rule, execute the DELETE method using the following:

      https://management.core.windows.net:8443/{subscriptionId}/services/sqlservers/servers/Contoso/firewallrules/ContosoFirewallRule
      
      

Database-Level Firewall Rules

  1. After creating a server-level firewall for your IP address, launch a query window through the Management Portal or through SQL Server Management Studio.

  2. Connect to the database for which you want to create a database-level firewall rule.

    1. To create a new or update an existing database-level firewall rule, execute the sp_set_database_firewall_rule stored procedure. The following example creates a new firewall rule named ContosoFirewallRule.

      EXEC sp_set_database_firewall_rule @name = N'ContosoFirewallRule', @start_ip_address = '192.168.1.11', @end_ip_address = '192.168.1.11'
      
      
    2. To delete an existing database-level firewall rule, execute the sp_delete_database_firewall_rule stored procedure. The following example deletes the rule named ContosoFirewallRule.

      EXEC sp_delete_database_firewall_rule @name = N'ContosoFirewallRule'
      
      

See Also

Community Additions

ADD
Show:
© 2014 Microsoft