0
0
AzureHow-ToBeginner · 4 min read

How to Configure Firewall for Azure SQL Database

To configure the firewall for Azure SQL Database, you create firewall rules that allow specific IP addresses or ranges to access the database server. This can be done via the Azure Portal, Azure CLI, or PowerShell by specifying the start and end IP addresses for allowed connections.
📐

Syntax

Firewall rules for Azure SQL Database require specifying the server name and the IP address range to allow. The key parts are:

  • Server name: The Azure SQL server to configure.
  • Start IP address: The beginning of the allowed IP range.
  • End IP address: The end of the allowed IP range.

These rules control which IP addresses can connect to your Azure SQL server.

bash
az sql server firewall-rule create --resource-group <resource-group-name> --server <server-name> --name <rule-name> --start-ip-address <start-ip> --end-ip-address <end-ip>
💻

Example

This example shows how to create a firewall rule named AllowMyIP to allow access from a single IP address 203.0.113.5 to an Azure SQL server named myazuresqlserver in the resource group myResourceGroup.

bash
az sql server firewall-rule create --resource-group myResourceGroup --server myazuresqlserver --name AllowMyIP --start-ip-address 203.0.113.5 --end-ip-address 203.0.113.5
Output
{ "endIpAddress": "203.0.113.5", "id": "/subscriptions/xxxx/resourceGroups/myResourceGroup/providers/Microsoft.Sql/servers/myazuresqlserver/firewallRules/AllowMyIP", "name": "AllowMyIP", "startIpAddress": "203.0.113.5", "type": "Microsoft.Sql/servers/firewallRules" }
⚠️

Common Pitfalls

  • Not specifying the correct IP range can block all access or allow unwanted access.
  • For single IP addresses, start and end IP must be the same.
  • For Azure services to access the server, enable the Allow Azure services and resources to access this server option separately.
  • Firewall rules apply at the server level, not the individual database level.
bash
az sql server firewall-rule create --resource-group myResourceGroup --server myazuresqlserver --name WrongRule --start-ip-address 203.0.113.10 --end-ip-address 203.0.113.5

# Corrected version:
az sql server firewall-rule create --resource-group myResourceGroup --server myazuresqlserver --name CorrectRule --start-ip-address 203.0.113.5 --end-ip-address 203.0.113.10
📊

Quick Reference

ParameterDescription
--resource-groupName of the Azure resource group containing the SQL server
--serverName of the Azure SQL server to configure
--nameName of the firewall rule
--start-ip-addressStart of the allowed IP address range
--end-ip-addressEnd of the allowed IP address range

Key Takeaways

Create firewall rules to allow specific IP addresses or ranges to access Azure SQL server.
Use the same IP for start and end to allow a single IP address.
Firewall rules apply at the server level, not per database.
Enable 'Allow Azure services' option separately if needed.
Double-check IP ranges to avoid blocking legitimate access.

Related by keyword

How to Configure Azure CLI: Setup and Usage GuideGetting StartedHow to Configure App Settings in Azure App ServiceApp ServiceHow to Configure a Custom Domain in Azure: Step-by-Step GuideNetworkingWhat is Azure Firewall: Overview and UsageNetworkingHow to Configure Custom Domain for Azure App ServiceApp Service

Up next

Azure Data Lake Storage: What It Is and How It WorksWhat is Azure File Storage: Simple Explanation and Use CasesAzure Front Door vs Application Gateway: Key Differences and UsageHow to Create Network Security Group in Azure: Step-by-Step Guide

More in Azure SQL and CosmosDB

Azure SQL vs SQL Server: Key Differences and When to Use EachCosmosDB vs DynamoDB: Key Differences and When to Use EachCosmosDB vs MongoDB in Azure: Key Differences and When to Use EachDTU vs vCore in Azure SQL: Key Differences and When to Use Each