sp_set_firewall_rule (Azure SQL Database)

THIS TOPIC APPLIES TO: noSQL Server yesAzure SQL DatabaseyesAzure SQL Data Warehouse noParallel Data Warehouse

Creates or updates the server-level firewall settings for your SQL Database server. This stored procedure is only available in the master database to the server-level principal login.

Syntax

sp_set_firewall_rule [@name = ] 'name', 
    [@start_ip_address =] 'start_ip_address', 
    [@end_ip_address =] 'end_ip_address'
[ ; ]  

Arguments

The following table demonstrates the supported arguments and options in Microsoft Azure SQL Database.

Name Datatype Description
[@name = ] ‘name’ NVARCHAR(128) The name used to describe and distinguish the server-level firewall setting.
[@start_ip_address =] ’start_ip_address’ VARCHAR(50) The lowest IP address in the range of the server-level firewall setting. IP addresses equal to or greater than this can attempt to connect to the SQL Database server. The lowest possible IP address is 0.0.0.0.
[@end_ip_address =] ‘end_ip_address’ VARCHAR(50) The highest IP address in the range of the server-level firewall setting. IP addresses equal to or less than this can attempt to connect to the SQL Database server. The highest possible IP address is 255.255.255.255.

Note: Windows Azure connection attempts are allowed when both this field and the start_ip_address field equals 0.0.0.0.

Remarks

The names of server-level firewall settings must be unique. If the name of the setting provided for the stored procedure already exists in the firewall settings table, the starting and ending IP addresses will be updated. Otherwise, a new server-level firewall setting will be created.

When you add a server-level firewall setting where the beginning and ending IP addresses are equal to 0.0.0.0, you enable access to your SQL Database server from Windows Azure. Provide a value to the name parameter that will help you remember what the server-level firewall setting is for.

In SQL Database, login data required to authenticate a connection and server-level firewall rules are temporarily cached in each database. This cache is periodically refreshed. To force a refresh of the authentication cache and make sure that a database has the latest version of the logins table, execute DBCC FLUSHAUTHCACHE (Transact-SQL).

Permissions

Only the server-level principal login created by the provisioning process can create or modify server level firewall rules. The user must be connected to the master database to execute sp_set_firewall_rule.

Examples

The following code creates a server-level firewall setting called Allow Windows Azure that enables access from Windows Azure. Execute the following in the virtual master database.

-- Enable Windows Azure connections.  
exec sp_set_firewall_rule N'Allow Windows Azure','0.0.0.0','0.0.0.0';  

The following code creates a server-level firewall setting called Example setting 1 for only the IP address 0.0.0.2. Then, the sp_set_firewall_rule stored procedure is called again to allow an additional IP address, 0.0.0.3, in that firewall setting.

-- Create server-level firewall setting for only IP 0.0.0.2  
exec sp_set_firewall_rule N'Example setting 1','0.0.0.2','0.0.0.2';  

-- Update server-level firewall setting to also allow IP 0.0.0.3  
exec sp_set_firewall_rule N'Example setting 1','0.0.0.2','0.0.0.3';  

See Also

Azure SQL Database Firewall
How to: Configure Firewall Settings (Azure SQL Database)
sys.firewall_rules (Azure SQL Database)