0
0
Azurecloud~5 mins

Azure SQL firewall rules - Commands & Configuration

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
Azure SQL firewall rules control which IP addresses can connect to your Azure SQL database. They help protect your database by allowing only trusted computers to access it.
When you want to allow your office computer to access the Azure SQL database securely.
When you need to let a web server in a specific IP range connect to your database.
When you want to block all access except from certain trusted IP addresses.
When you are setting up a new Azure SQL database and need to configure access.
When you want to allow your home IP address to connect temporarily for maintenance.
Commands
This command creates a firewall rule named AllowOfficeIP that allows the single IP address 203.0.113.5 to access the Azure SQL server. It is run first to open access for that IP.
Terminal
az sql server firewall-rule create --resource-group example-group --server example-sql-server --name AllowOfficeIP --start-ip-address 203.0.113.5 --end-ip-address 203.0.113.5
Expected OutputExpected
{ "endIpAddress": "203.0.113.5", "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-group/providers/Microsoft.Sql/servers/example-sql-server/firewallRules/AllowOfficeIP", "name": "AllowOfficeIP", "startIpAddress": "203.0.113.5", "type": "Microsoft.Sql/servers/firewallRules" }
--resource-group - Specifies the Azure resource group where the SQL server exists
--server - Specifies the name of the Azure SQL server
--start-ip-address - Defines the starting IP address allowed by the rule
--end-ip-address - Defines the ending IP address allowed by the rule
This command lists all firewall rules for the specified Azure SQL server to verify the rule was created successfully.
Terminal
az sql server firewall-rule list --resource-group example-group --server example-sql-server
Expected OutputExpected
[ { "endIpAddress": "203.0.113.5", "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-group/providers/Microsoft.Sql/servers/example-sql-server/firewallRules/AllowOfficeIP", "name": "AllowOfficeIP", "startIpAddress": "203.0.113.5", "type": "Microsoft.Sql/servers/firewallRules" } ]
--resource-group - Specifies the Azure resource group where the SQL server exists
--server - Specifies the name of the Azure SQL server
This command deletes the firewall rule named AllowOfficeIP to remove access for that IP address when it is no longer needed.
Terminal
az sql server firewall-rule delete --resource-group example-group --server example-sql-server --name AllowOfficeIP
Expected OutputExpected
No output (command runs silently)
--resource-group - Specifies the Azure resource group where the SQL server exists
--server - Specifies the name of the Azure SQL server
--name - Specifies the name of the firewall rule to delete
This command lists all firewall rules again to confirm the rule was deleted and access is revoked.
Terminal
az sql server firewall-rule list --resource-group example-group --server example-sql-server
Expected OutputExpected
[]
--resource-group - Specifies the Azure resource group where the SQL server exists
--server - Specifies the name of the Azure SQL server
Key Concept

If you remember nothing else from this pattern, remember: Azure SQL firewall rules let you control which IP addresses can connect to your database to keep it safe.

Common Mistakes
Setting the start IP address higher than the end IP address
The firewall rule will not work because the IP range is invalid and no IPs will be allowed.
Always set the start IP address to be the same or lower than the end IP address.
Not specifying the correct resource group or server name
The command will fail or modify the wrong server's firewall rules.
Double-check the resource group and server name before running commands.
Forgetting to delete temporary firewall rules after use
Leaving open firewall rules can expose your database to unwanted access.
Remove firewall rules when they are no longer needed to maintain security.
Summary
Create firewall rules to allow specific IP addresses access to your Azure SQL server.
List firewall rules to verify which IPs have access.
Delete firewall rules to remove access when it is no longer needed.