Free Trial *Internet Service Required
26 out of 53 rated this helpful - Rate this topic

How to: Configure the Server-Level Firewall Settings (Windows Azure SQL Database)

The Microsoft Windows Azure SQL Database service prevents access to your SQL Database server with the SQL Database firewall. You can use the Windows Azure Platform Management Portal or master database to review and edit your server-level firewall configuration. This topic describes how you can define server-level firewall settings to specify which clients should have access to your SQL Database server. For more information about the server-level firewall rules, see Windows Azure SQL Database Firewall.

You can also perform operations on server-level firewall rules by using the Windows Azure SQL Database API. For more information, see Operations on Server-Level Firewall Rules.

noteNote
To connect to your SQL Database server for the first time, you must enable connectivity through the firewall using the Management Portal.

In This Topic

Configure Server-Level Firewall Settings Using the Management Portal

  1. Log on to the Windows Azure Management Portal.

  2. In the navigation pane on the left, expand your subscription, and then select your SQL Database server by clicking it.

  3. In the center pane, view the server-level firewall settings for the selected SQL Database server by clicking Firewall Rules.

  4. To configure the server-level firewall settings:

    1. Enable connection attempts from Windows Azure by selecting the Allow other Windows Azure services to access to this server check box. This will add a firewall rule, MicrosoftServices, with the start and end IP range values set to 0.0.0.0.

    2. Add a new server-level firewall setting for Internet-based connections by clicking Add. In the Add Firewall Rule dialog box, specify a unique name in the Rule Name box with the corresponding IP address range in the IP range start and IP range end boxes. Click OK.

    3. Update an existing server-level firewall setting for Internet-based connections by selecting the appropriate record and clicking Update. In the Update Firewall Rule dialog box, specify the new IP address range values in the IP range start and IP range end boxes, and click OK.

  5. Remove an existing server-level firewall setting by selecting the appropriate rule, and then clicking Delete.

noteNote
If you are using the new Windows Azure Management Portal, see How to: Configure the firewall for the logical server for instructions on configuring the server-level firewall settings.

Configure Server-Level Firewall Settings Using the Master Database

  1. Use the Management Portal to confirm that there is a firewall setting allowing your computer to attempt connection to the SQL Database server. The IP address of your computer must be within the IP address range of one of the firewall settings. For more information, see Windows Azure SQL Database Firewall.

  2. Connect to the master database of the SQL Database server using your server-level principal login.

  3. View the server-level firewall settings corresponding to your SQL Database server by executing the query: select * from sys.firewall_rules

  4. Configure the server-level firewall settings by using the sp_set_firewall_rule stored procedure.

    1. Enable connection attempts from Windows Azure by using the sp_set_firewall_rule stored procedure with the parameters start_ip_address and end_ip_address equal to 0.0.0.0.

    2. Add a new firewall setting for Internet-based connections by specifying a unique name in the name parameter of the sp_set_firewall_rule stored procedure. Specify the lowest desired IP address in that range with the start_ip_address parameter and the highest desired IP address in that range with the end_ip_address parameter. The name parameter is of the nvarchar data type and the start_ip_address and the end_ip_address parameters are of the varchar data type.

    3. Update an existing firewall setting for Internet-based connections by specifying an existing name in the name parameter of the sp_set_firewall_rule stored procedure. Specify the new IP address range with the start_ip_address and end_ip_address parameters.

  5. Remove a firewall setting by specifying name of the undesired firewall setting in the name parameter of the sp_delete_firewall_rule stored procedure.

Example

This example demonstrates how to configure your firewall settings with Transact-SQL. First, you must use the Management Portal to allow access for your computer's IP address. Then you can view the firewall settings with the following code.

Copy 
-- view firewall settings
select * from sys.firewall_rules
noteNote
Only the server-level principal login, while connected to the master database, can configure firewall settings for your SQL Database server.

You can use the sp_set_firewall_rule stored procedure to add or change firewall settings. When you add a firewall setting where the beginning and ending IP addresses are equal to 0.0.0.0, you enable access to your SQL Database server from Windows Azure. Provide a value to the name parameter that will help you remember what the firewall setting is for. The following code creates a firewall setting called Allow Windows Azure that enables access from Windows Azure.

Copy 
-- enable Windows Azure connections
exec sp_set_firewall_rule N'Allow Windows Azure','0.0.0.0','0.0.0.0'

The following code creates a firewall setting called Example setting 1 for only the IP address 0.0.0.2. Then, the sp_set_firewall_rule stored procedure is called again to allow an additional IP address, 0.0.0.3, in that firewall setting.

Copy 
-- create new firewall setting for only IP 0.0.0.2
exec sp_set_firewall_rule N'Example setting 1','0.0.0.2','0.0.0.2'

-- update firewall setting to also allow IP 0.0.0.3
exec sp_set_firewall_rule N'Example setting 1','0.0.0.2','0.0.0.3'

To remove a firewall setting, use the sp_delete_firewall_rule stored procedure, as shown in the following code.

Copy 
-- Remove example firewall setting
exec sp_delete_firewall_rule N'Example setting 1'

See Also

Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft. All rights reserved.
facebook page visit twitter rss feed newsletter