SQL Azure Firewall – Tutorial

SQL Azure comes with a built-in  firewall, through which all connection attempts to a SQL Azure database must pass. By  default the firewall blocks all access to the database even from your own Azure applications. The first step in configuring the firewall is therefore to navigate to SQL Azure in the online Azure developer portal, select the Firewall tab and check “Allow Microsoft Services access to this server” . This will enable other Azure services in your app to communicate with SQL Azure (NB this isnt necessary if you are using the SQL Azure database with non-Azure apps). This will add an entry for MicrosoftServices as a firewall rule.

This will be sufficient for your Azure apps to run bu you will also need to access the server for development purposes and so additional rules are required. Simply click Add Rule, name the rule and set the IP address range for the rule. In this example I have set an extremely strict rule to only allow my IP access to the database. To turn off the firewall enter the range 0.0.0.0 to 255.255.255.255 but this is obviously not recommended.
Bear in mind your local development environment may also have a firewall and to connect to the SQL Azure database you must have enable TCP communication on TCP port 1433.

The firewall can also be manipulated by executing TSQL against the Master database (you will obviously have to configure a firewall rule allowing a connect from the source of the TSQL first).

View Firewall Rules

The  sys.firewall_rules view contains the  id, name, start_ip_address, end_ip_address, create_date and modify_date for the firewall rules.

--Select all firewall rules
select * from sys.firewall_rules

Add/Update Firewall Rules

Use the sp_set_firewall_rule stored procedure to add or update firewall rules, with name, start_ip_address, end_ip_address as the parameters.

--Create a firewall rule
exec sp_set_firewall_rule N'azureSupDev','0.102.129.120','0.102.130.110'

--Update a firewall rule
exec sp_set_firewall_rule N'azureSupDev','0.102.129.120','0.102.130.135'

Delete Firewall Rules

Use the sp_delete_firewall_rule stored procedure to delete firewall rules, with name as the only parameter:

--Delete a firewall rule
exec sp_set_firewall_rule N'azureSupDev','0.102.129.120','0.102.130.135'

Related Articles:

• Migrating A SQL Server Database To SQL Azure
• SQL Azure Encryption and Compression [FAQ]
• SQL Azure Backup
• SQL Azure Migration – Moving the Data [FAQ]
• SQL Azure Failover [FAQ]