| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.custom | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
PowerShell: Configure Azure SQL Database firewall rules | Microsoft Docs |
Learn how to configure server-level firewall rules for IP addresses that access Azure SQL databases uisng PowerShell. |
sql-database |
stevestein |
jhubbard |
30dcea72-61c1-48b6-8e1d-b1db2eb61567 |
sql-database |
authentication and authorization |
data-management |
na |
dotnet |
get-started-article |
08/09/2016 |
sstein |
[!div class="op_single_selector"]
Azure SQL Database uses firewall rules to allow connections to your servers and databases. You can define server-level and database-level firewall settings for the master database or a user database in your SQL Database server to selectively allow access to the database.
Important
To allow applications from Azure to connect to your database server, Azure connections must be enabled. For more information about firewall rules and enabling connections from Azure, see Azure SQL Database Firewall. If you are making connections inside the Azure cloud boundary, you may have to open some additional TCP ports. For more information, see the "V12 of SQL Database: Outside vs inside" section of Ports beyond 1433 for ADO.NET 4.5 and SQL Database V12.
[!INCLUDE Start your PowerShell session]
Server-level firewall rules can be created, updated, and deleted by using Azure PowerShell.
To create a new server-level firewall rule, execute the New-AzureRmSqlServerFirewallRule cmdlet. The following example enables a range of IP addresses on the server Contoso.
New-AzureRmSqlServerFirewallRule -ResourceGroupName 'resourcegroup1' -ServerName 'Contoso' -FirewallRuleName "ContosoFirewallRule" -StartIpAddress '192.168.1.1' -EndIpAddress '192.168.1.10'
To modify an existing server-level firewall rule, execute the Set-AzureRmSqlServerFirewallRule cmdlet. The following example changes the range of acceptable IP addresses for the rule named ContosoFirewallRule.
Set-AzureRmSqlServerFirewallRule -ResourceGroupName 'resourcegroup1' -StartIPAddress 192.168.1.4 -EndIPAddress 192.168.1.10 -FirewallRuleName 'ContosoFirewallRule' -ServerName 'Contoso'
To delete an existing server-level firewall rule, execute the Remove-AzureRmSqlServerFirewallRule cmdlet. The following example deletes the rule named ContosoFirewallRule.
Remove-AzureRmSqlServerFirewallRule -FirewallRuleName 'ContosoFirewallRule' -ServerName 'Contoso'
You can also use PowerShell to manage firewall rules. For more information, see the following topics:
- New-AzureRmSqlServerFirewallRule
- Remove-AzureRmSqlServerFirewallRule
- Set-AzureRmSqlServerFirewallRule
- Get-AzureRmSqlServerFirewallRule
For information about how to use Transact-SQL to create server-level and database-level firewall rules, see Configure Azure SQL Database server-level and database-level firewall rules using T-SQL.
For information about how to create server-level firewall rules using other methods, see:
- Configure Azure SQL Database server-level firewall rules using the Azure portal
- Configure Azure SQL Database server-level firewall rules using the REST API
For a tutorial on creating a database, see Create a SQL database in minutes using the Azure portal. For help connecting to an Azure SQL database from open source or third-party applications, see Client quick-start code samples to SQL Database. To understand how to navigate to databases, see Manage database access and login security.