question

ByronViljoen-5856 avatar image
0 Votes"
ByronViljoen-5856 asked JonelMRienton-3402 answered

Trying to block SQL access with an NSG.

Hi there,

I am trying to block my WebServer from accessing a SQL instance hosted on my DBServer.

I have included a topology of my network to possibly make troubleshooting easier.

3514-1.png

I have added an incoming rule to my NSG that is associated with my DBServers network interface

3483-2.png

I have even tried creating an NSG on the DBServer subnet to block all SQL access to the entire subnet on port 1433.

For some reason, i can still access my SQL server through SQL management studio on my webserver.

I can easily block access from the Windows firewall, but thats not really the point.

Really not sure what i am doing wrong?


azure-virtual-machines
1.png (39.2 KiB)
2.png (16.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

msrini-MSFT avatar image msrini-MSFT ·

Hi,

Is your subnet has service endpoints enabled ?
Also can you ping the db FQDN from the web server and check if it is resolving to the same DB which you are referring to ?

0 Votes 0 ·

1 Answer

JonelMRienton-3402 avatar image
0 Votes"
JonelMRienton-3402 answered

If you go to your SQL Server -> Security -> Firewalls and virtual networks, do you have the Allow Azure services and resources to access this server set to On?

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.