Create Firewall Rule (classic)
Updated: October 5, 2016
SQL Server 
Azure SQL DatabaseAzure SQL Data Warehouse Parallel Data Warehouse
Creates an Azure SQL Database server firewall rule.
This command uses the classic deployment model. You should use the newer Resource Manager based REST API commands located here. For more information, see Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resources.
The Create Firewall Rule request must be specified as follows:
Replace {subscriptionId} with your subscription ID.
Replace {serverName} with your server name.
| Method | Request URI | HTTP Version |
|---|---|---|
| POST | https://management.core.windows.net:8443/{subscriptionId}/services/sqlservers/servers/{serverName}/firewallrules | HTTP/1.1 |
If the operation returns success, the operation is complete, but changes will be effective approximately five minutes later. If the operation returns failure, and the error is a user error, no changes will be applied. If there is a communication error or an internal server error, the current state can be determined with Get Firewall Rule (classic).
In SQL Database, login data required to authenticate a connection and server-level firewall rules are temporarily cached in each database. This cache is periodically refreshed. To force a refresh of the authentication cache and make sure that a database has the latest version of the logins table, execute DBCC FLUSHAUTHCACHE (Transact-SQL).
URI Parameters
None.
Request Headers
The following table describes the required and optional request headers:
| Request Header | Description |
|---|---|
| x-ms-version | Required. Specifies the version of the operation to use for this request. This header should be set to 2012-03-01. |
Request Body
The format of the request body is as follows:
<ServiceResource xmlns="http://schemas.microsoft.com/windowsazure"> <Name>AllowAll</Name> <StartIPAddress>0.0.0.0</StartIPAddress> <EndIPAddress>255.255.255.255</EndIPAddress> </ServiceResource>
The following table describes elements of the request body:
| Element Name | Description |
|---|---|
| Name | The name of the new firewall rule. |
| StartIPAddress | The lowest IP address in the range of the server-level firewall setting. IP addresses equal to or greater than this can attempt to connect to the server. The lowest possible IP address is 0.0.0.0. |
| EndIPAddress | The highest IP address in the range of the server-level firewall setting. IP addresses equal to or less than this can attempt to connect to the server. The highest possible IP address is 255.255.255.255. |
The response includes an HTTP status code, a set of response headers, and a response body.
Status Code
Response Headers
The response for this operation includes the following headers. The response may also include additional standard HTTP headers. All standard headers conform to the HTTP/1.1 protocol specification.
| Response Header | Description |
|---|---|
| x-ms-request-id | A value that uniquely identifies a request made against the database management service. This request id is used for request tracking. If a failure occurs that requires the user to contact Microsoft Support, the request id should be provided to Microsoft to assist in tracking and resolving the failure for the request. |
Response Body
The following is an example response body:
<ServiceResource xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> <Name>AllowAll</Name> <Type>Microsoft.SqlAzure.FirewallRule</Type> <State>Normal</State> <SelfLink>https://management.core.windows.net/00000000-0000-0000-0001-000000000001/services/sqlservers/servers/bpr0d6li5t/firewallrules/Rule2</SelfLink> <ParentLink>https://management.core.windows.net/00000000-0000-0000-0001-000000000001/services/sqlservers/servers/bpr0d6li5t</ParentLink> <StartIPAddress>0.0.0.0</StartIPAddress> <EndIPAddress>255.255.255.255</EndIPAddress> </ServiceResource>
| Element Name | Description |
|---|---|
| Name | The name of the new firewall rule. |
| Type | The type of the service resource; Microsoft.SqlAzure.FirewallRule. |
| State | The state of the service resource. |
| SelfLink | The URI identifier for this resource. |
| ParentLink | The URI identifier for the parent of this resource (the server). |
| StartIPAddress | The lowest IP address in the range of the firewall rule. |
| EndIPAddress | The highest IP address in the range of the firewall rule. |
Common REST API Error Codes
Operations for Azure SQL Databases
Azure SQL Database
Azure SQL Database Firewall
Azure SQL Database Security Guidelines and Limitations
Azure SQL Database Cmdlets
New-AzureSqlDatabaseServerFirewallRule