0
0
Azurecloud~10 mins

Azure SQL firewall rules - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Azure SQL firewall rules
Start: Azure SQL Server
Check incoming connection IP
Is IP in firewall rules?
NoReject connection
Yes
Allow connection to database
Connection established
Azure SQL checks the IP of incoming connections against firewall rules. If allowed, connection proceeds; otherwise, it is blocked.
Execution Sample
Azure
az sql server firewall-rule create --resource-group MyGroup --server MyServer --name AllowClientIP --start-ip-address 192.168.1.1 --end-ip-address 192.168.1.1
This command creates a firewall rule allowing the IP 192.168.1.1 to access the Azure SQL server.
Process Table
StepActionInput IPFirewall Rules CheckedResultConnection Status
1Incoming connection attempt192.168.1.1No rules yetNo matchRejected
2Create firewall rule192.168.1.1Add rule 192.168.1.1 - 192.168.1.1Rule addedN/A
3Incoming connection attempt192.168.1.1Check rule 192.168.1.1 - 192.168.1.1Match foundAllowed
4Incoming connection attempt192.168.1.2Check rule 192.168.1.1 - 192.168.1.1No matchRejected
💡 Connection attempts stop after allowed or rejected based on firewall rules.
Status Tracker
VariableStartAfter Step 2After Step 3After Step 4
FirewallRules[][192.168.1.1-192.168.1.1][192.168.1.1-192.168.1.1][192.168.1.1-192.168.1.1]
ConnectionIP192.168.1.1192.168.1.1192.168.1.1192.168.1.2
ConnectionStatusRejectedN/AAllowedRejected
Key Moments - 2 Insights
Why was the first connection attempt rejected even though the IP was 192.168.1.1?
Because no firewall rules existed yet at step 1, so the IP was not allowed. The rule was added only at step 2.
Does the firewall rule allow IPs outside the specified range?
No, only IPs within the start and end IP addresses in the firewall rule are allowed, as shown at step 4 where 192.168.1.2 was rejected.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the connection status at step 3 for IP 192.168.1.1?
ARejected
BPending
CAllowed
DUnknown
💡 Hint
Check the 'Connection Status' column at step 3 in the execution_table.
At which step is the firewall rule created?
AStep 1
BStep 2
CStep 3
DStep 4
💡 Hint
Look at the 'Action' column for when the rule is added in the execution_table.
If the firewall rule allowed IP range 192.168.1.1 to 192.168.1.5, what would be the connection status for IP 192.168.1.4 at step 4?
AAllowed
BRejected
CPending
DError
💡 Hint
Refer to the variable_tracker and execution_table logic about IP range matching.
Concept Snapshot
Azure SQL firewall rules control which IP addresses can connect.
Rules specify start and end IP addresses.
Incoming IPs are checked against these rules.
If IP matches, connection is allowed; otherwise, rejected.
Rules must be created before connections are accepted.
Full Transcript
Azure SQL firewall rules work by checking the IP address of any incoming connection against a list of allowed IP ranges. If the IP is within any allowed range, the connection is permitted. Otherwise, it is blocked. Initially, no rules exist, so connections are rejected. When a rule is created specifying a start and end IP address, connections from IPs in that range are allowed. This process ensures only trusted IPs can access the Azure SQL server.