SQL Azure firewall is an interesting security feature of SQL Azure. The ultimate aim of the firewall is to protect data and it does that by blocking IP addresses that are not granted permission to access the SQL Azure server.
In this article, we will see how to grant firewall access from Azure management portal. Now, The connection requests that a SQL Azure server gets can be broadly classified in two categories. 1) connection request from Internet 2) connection request from Azure. Let’s see how to grant access to each type of connection request.
How to give firewall access to connection request originating from Azure? To allow Azure services to access the SQL Azure service, just add the firewall rule 0.0.0.0 – 0.0.0.0 in the firewall rules or alternatively just check the box – “allow other windows Azure services to access this server”. To do so, go to Azure management portal –> select your server –> click on ‘firewall rules : [number] ’ which is visible in the center pane along with server information. you will see this:
Now, Let’s grant access to requests originating from Internet. Now this time click the add button in the firewall pane:
After clicking on ‘add’, you will see:
Give a name to the rule and input the start range and the end range. Also not that your current IP address is shown in the panel. Input this in the start and the end range to give access to the connection request originating from your current machine. Then press ‘ok’. you will be able to this rule in the firewall panel now. After, adding the rule, allow some time for the SQL Azure firewall settings to take effect. Also after adding the firewall rule, you can update and delete it – if you wish so through the Azure portal itself from the ‘update’ and ‘delete’ button respectively.
Sometimes, the IP shown in the local IP configurations can be different from IP shown in the firewall panel on management portal, this is due to use of NAT and you should add the IP mentioned in your firewall panel on Azure portal to give access to your machine. Apart from this, your local firewall should be configured to have firewall exception for the TCP 1433 port.To know how to do this click here (link to debugmode.net blog)
Also one can configure the firewall rules from SQL server management studio, read more on parasdoshi.com
How to configure Firewall settings via SSMS
One can also fetch, add and delete firewall rules programatically through API. read more on debugmode.net
1. How to Fetch SQL Azure Firewall rules programatically
2. How to add / delete SQL Azure firewall rules programatically
Thus in this article, we saw how to configure the SQL Azure firewall rules through Azure management portal.