Azure SQL Database traffic migration to newer Gateways

APPLIES TO: Azure SQL Database

As Azure infrastructure improves, Microsoft will periodically refresh hardware to ensure we provide the best possible customer experience. In the coming months, we plan to add gateways built on newer hardware generations, migrate traffic to them, and eventually decommission gateways built on older hardware in some regions.

Customers will be notified via service health notifications well in advance of any change to gateways available in each region. Customers can use the Azure portal to set up activity log alerts.

The most up-to-date information will be maintained in the Azure SQL Database gateway IP addresses table.

Status updates

August 2021

New SQL Gateways are being added to the following regions:

  • Norway East: 51.120.104.32, 51.120.208.32
  • Japan East: 40.79.184.32
  • Central India: 40.80.48.32, 20.192.96.32

These SQL Gateway shall start accepting customer traffic on 2 August 2021.

June 2021

New SQL Gateways are being added to the following regions:

  • UK West: 51.140.208.96, 51.140.208.97
  • Korea Central: 20.44.24.32, 20.194.64.33
  • Japan East: 13.78.104.32

These SQL Gateway shall start accepting customer traffic on 1 June 2021.

Impact of this change

Traffic migration may change the public IP address that DNS resolves for your database in Azure SQL Database. You may be impacted if you:

You will not be impacted if you have:

  • Redirection as the connection policy
  • Connections to SQL Database from inside Azure and using Service Tags
  • Connections made using supported versions of JDBC Driver for SQL Server will see no impact. For supported JDBC versions, see Download Microsoft JDBC Driver for SQL Server.

What to do you do if you're affected

We recommend that you allow outbound traffic to IP addresses for all the gateway IP addresses in the region on TCP port 1433. Also, allow port range 11000 thru 11999 when connecting from a client located within Azure (for example, an Azure VM) or when your Connection Policy is set to Redirection. This recommendation is applicable to clients connecting from on-premises and also those connecting via Service Endpoints. For more information on port ranges, see Connection policy.

Connections made from applications using Microsoft JDBC Driver below version 4.0 might fail certificate validation. Lower versions of Microsoft JDBC rely on Common Name (CN) in the Subject field of the certificate. The mitigation is to ensure that the hostNameInCertificate property is set to *.database.windows.net. For more information on how to set the hostNameInCertificate property, see Connecting with Encryption.

If the above mitigation doesn't work, file a support request for SQL Database or SQL Managed Instance using the following URL: https://aka.ms/getazuresupport

Next steps