Azure SQL Database 和 Azure SQL 資料倉儲 IP 防火牆規則Azure SQL Database and Azure SQL Data Warehouse IP firewall rules

注意

本文適用于 Azure SQL 伺服器,以及在 Azure SQL server 上的 Azure SQL Database 和 Azure SQL 資料倉儲資料庫。This article applies to Azure SQL servers, and to both Azure SQL Database and Azure SQL Data Warehouse databases on an Azure SQL server. 為了簡單起見, SQL Database用來參考 SQL Database 和 SQL 資料倉儲。For simplicity, SQL Database is used to refer to both SQL Database and SQL Data Warehouse.

重要

本文「不」適用於 Azure SQL Database 受控執行個體This article does not apply to Azure SQL Database Managed Instance. 如需網路設定的相關資訊,請參閱將您的應用程式連線到 Azure SQL Database 受控執行個體For information about network configuration, see Connect your application to Azure SQL Database Managed Instance.

例如,當您建立名為mysqlserver的新 Azure SQL server 時,SQL Database 防火牆會封鎖對伺服器之公用端點的所有存取(可在mysqlserver.database.windows.net存取)。When you create a new Azure SQL server named mysqlserver, for example, the SQL Database firewall blocks all access to the public endpoint for the server (which is accessible at mysqlserver.database.windows.net).

重要

SQL 資料倉儲只支援伺服器層級 IP 防火牆規則。SQL Data Warehouse only supports server-level IP firewall rules. 它不支援資料庫層級 IP 防火牆規則。It doesn't support database-level IP firewall rules.

防火牆的運作方式How the firewall works

來自網際網路和 Azure 的連接嘗試必須通過防火牆,才能到達您的 SQL server 或 SQL database,如下圖所示。Connection attempts from the internet and Azure must pass through the firewall before they reach your SQL server or SQL database, as the following diagram shows.

防火牆設定圖表

伺服器層級 IP 防火牆規則Server-level IP firewall rules

這些規則可讓用戶端存取整個 Azure SQL Server,也就是相同 SQL Database 伺服器內的所有資料庫。These rules enable clients to access your entire Azure SQL server, that is, all the databases within the same SQL Database server. 這些規則會儲存在master資料庫中。The rules are stored in the master database.

您可以使用 Azure 入口網站、PowerShell 或 Transact-sql 語句來設定伺服器層級 IP 防火牆規則。You can configure server-level IP firewall rules by using the Azure portal, PowerShell, or Transact-SQL statements.

  • 若要使用入口網站或 PowerShell,您必須是訂用帳戶擁有者或訂用帳戶參與者。To use the portal or PowerShell, you must be the subscription owner or a subscription contributor.
  • 若要使用 Transact-sql,您必須以伺服器層級主體登入或 Azure Active Directory 系統管理員的身分,連接到 SQL Database 實例。To use Transact-SQL, you must connect to the SQL Database instance as the server-level principal login or as the Azure Active Directory administrator. (伺服器層級 IP 防火牆規則必須先由具有 Azure 層級許可權的使用者建立)。(A server-level IP firewall rule must first be created by a user who has Azure-level permissions.)

資料庫層級 IP 防火牆規則Database-level IP firewall rules

這些規則可讓用戶端存取同部 SQL Database 伺服器內的特定 (安全) 資料庫。These rules enable clients to access certain (secure) databases within the same SQL Database server. 您可以為每個資料庫(包括master資料庫)建立規則,並將它們儲存在個別的資料庫中。You create the rules for each database (including the master database), and they're stored in the individual database.

只有在您設定第一個伺服器層級防火牆之後,才可以使用 Transact-sql 語句來建立和管理主要和使用者資料庫的資料庫層級 IP 防火牆規則。You can only create and manage database-level IP firewall rules for master and user databases by using Transact-SQL statements and only after you configure the first server-level firewall.

如果您在資料庫層級 IP 防火牆規則中指定的 IP 位址範圍超出伺服器層級 IP 防火牆規則的範圍,只有在資料庫層級範圍中具有 IP 位址的用戶端可以存取資料庫。If you specify an IP address range in the database-level IP firewall rule that's outside the range in the server-level IP firewall rule, only those clients that have IP addresses in the database-level range can access the database.

對於資料庫,您最多可以有 128 個資料庫層級 IP 防火牆規則。You can have a maximum of 128 database-level IP firewall rules for a database. 如需設定資料庫層級 IP 防火牆規則的詳細資訊,請參閱本文稍後的範例,並參閱sp_set_database_firewall_rule (Azure SQL Database)For more information about configuring database-level IP firewall rules, see the example later in this article and see sp_set_database_firewall_rule (Azure SQL Database).

如何設定防火牆規則的建議Recommendations for how to set firewall rules

我們建議您盡可能使用資料庫層級 IP 防火牆規則。We recommend that you use database-level IP firewall rules whenever possible. 這種作法可增強安全性,並讓您的資料庫更具可攜性。This practice enhances security and makes your database more portable. 針對系統管理員使用伺服器層級 IP 防火牆規則。Use server-level IP firewall rules for administrators. 當您有多個資料庫具有相同的存取需求,而且不想要個別設定每個資料庫時,也可以使用它們。Also use them when you have many databases that have the same access requirements, and you don't want to configure each database individually.

注意

如需可讓業務持續運作的可攜式資料庫資訊,請參閱災害復原的驗證需求For information about portable databases in the context of business continuity, see Authentication requirements for disaster recovery.

伺服器層級與資料庫層級 IP 防火牆規則Server-level versus database-level IP firewall rules

某個資料庫的使用者是否應該與其他資料庫完全隔離?Should users of one database be fully isolated from another database?

如果,請使用資料庫層級 IP 防火牆規則來授與存取權。If yes, use database-level IP firewall rules to grant access. 這個方法可避免使用伺服器層級 IP 防火牆規則,以允許透過防火牆存取所有資料庫。This method avoids using server-level IP firewall rules, which permit access through the firewall to all databases. 這會降低您的防禦深度。That would reduce the depth of your defenses.

IP 位址的使用者是否需要存取所有資料庫?Do users at the IP addresses need access to all databases?

如果,請使用伺服器層級 IP 防火牆規則來減少您必須設定 IP 防火牆規則的次數。If yes, use server-level IP firewall rules to reduce the number of times that you have to configure IP firewall rules.

設定 IP 防火牆規則的人員或小組是否只能透過 Azure 入口網站、PowerShell 或 REST API 存取?Does the person or team who configures the IP firewall rules only have access through the Azure portal, PowerShell, or the REST API?

若是如此,您就必須使用伺服器層級 IP 防火牆規則。If so, you must use server-level IP firewall rules. 資料庫層級 IP 防火牆規則只能透過 Transact-sql 來設定。Database-level IP firewall rules can only be configured through Transact-SQL.

設定 IP 防火牆規則的人員或小組是否禁止在資料庫層級擁有高階許可權?Is the person or team who configures the IP firewall rules prohibited from having high-level permission at the database level?

若是如此,請使用伺服器層級 IP 防火牆規則。If so, use server-level IP firewall rules. 您至少需要資料庫層級的CONTROL DATABASE許可權,才能透過 transact-sql 設定資料庫層級 IP 防火牆規則。You need at least CONTROL DATABASE permission at the database level to configure database-level IP firewall rules through Transact-SQL.

設定或審核 IP 防火牆規則的人員或小組是否會集中管理許多(或許上百)資料庫的 IP 防火牆規則?Does the person or team who configures or audits the IP firewall rules centrally manage IP firewall rules for many (perhaps hundreds) of databases?

在此案例中,最佳作法取決於您的需求和環境。In this scenario, best practices are determined by your needs and environment. 伺服器層級 IP 防火牆規則可能會比較容易設定,但是指令碼可以設定資料庫層級的規則。Server-level IP firewall rules might be easier to configure, but scripting can configure rules at the database-level. 而且,即使您使用伺服器層級 IP 防火牆規則,您可能還是需要審核資料庫層級 IP 防火牆規則,以查看具有資料庫之CONTROL許可權的使用者是否會建立資料庫層級 ip 防火牆規則。And even if you use server-level IP firewall rules, you might need to audit database-level IP firewall rules to see if users with CONTROL permission on the database create database-level IP firewall rules.

是否可以混合使用伺服器層級和資料庫層級的 IP 防火牆規則?Can I use a mix of server-level and database-level IP firewall rules?

是的。Yes. 某些使用者(例如系統管理員)可能需要伺服器層級 IP 防火牆規則。Some users, such as administrators, might need server-level IP firewall rules. 其他使用者 (例如資料庫應用程式的使用者) 可能需要資料庫層級 IP 防火牆規則。Other users, such as users of a database application, might need database-level IP firewall rules.

從網際網路的連接Connections from the internet

當電腦嘗試從網際網路連線到您的資料庫伺服器時,防火牆會先根據連接要求之資料庫的資料庫層級 IP 防火牆規則來檢查要求的原始 IP 位址。When a computer tries to connect to your database server from the internet, the firewall first checks the originating IP address of the request against the database-level IP firewall rules for the database that the connection requests.

  • 如果位址是在資料庫層級 IP 防火牆規則中指定的範圍內,則會將連線授與包含規則的 SQL database。If the address is within a range that's specified in the database-level IP firewall rules, the connection is granted to the SQL database that contains the rule.
  • 如果位址不在資料庫層級 IP 防火牆規則的範圍內,防火牆會檢查伺服器層級 IP 防火牆規則。If the address isn't within a range in the database-level IP firewall rules, the firewall checks the server-level IP firewall rules. 如果位址在伺服器層級 IP 防火牆規則的範圍內,則會授與連線。If the address is within a range that's in the server-level IP firewall rules, the connection is granted. 伺服器層級 IP 防火牆規則適用於 Azure SQL Server 上的所有 SQL Database。Server-level IP firewall rules apply to all SQL databases on the Azure SQL server.
  • 如果位址不在任何資料庫層級或伺服器層級 IP 防火牆規則的範圍內,連接要求就會失敗。If the address isn't within a range that's in any of the database-level or server-level IP firewall rules, the connection request fails.

注意

若要從您的本機電腦存取 SQL Database,請確定網路和本機電腦上的防火牆允許 TCP 埠1433上的連出通訊。To access SQL Database from your local computer, ensure that the firewall on your network and local computer allow outgoing communication on TCP port 1433.

從 Azure 內部連線Connections from inside Azure

若要允許裝載于 Azure 內的應用程式連線到您的 SQL server,必須啟用 Azure 連線。To allow applications hosted inside Azure to connect to your SQL server, Azure connections must be enabled. 當來自 Azure 的應用程式嘗試連線到您的資料庫伺服器時,防火牆會驗證是否允許 Azure 連線。When an application from Azure tries to connect to your database server, the firewall verifies that Azure connections are allowed. 若防火牆設定的開始和結束 IP 位址等於0.0.0.0 ,則表示允許 Azure 連線。A firewall setting that has starting and ending IP addresses equal to 0.0.0.0 indicates that Azure connections are allowed. 如果不允許連接,要求就不會到達 SQL Database 伺服器。If the connection isn't allowed, the request doesn't reach the SQL Database server.

重要

此選項會將防火牆設定為允許所有來自 Azure 的連線,包括來自其他客戶訂用帳戶的連線。This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. 如果您選取此選項,請確定您的登入和使用者權限僅限制授權使用者的存取權。If you select this option, make sure that your login and user permissions limit access to authorized users only.

建立和管理 IP 防火牆規則Create and manage IP firewall rules

您可以使用Azure 入口網站或以程式設計方式使用Azure PowerShellAzure CLI或 Azure REST API來建立第一個伺服器層級防火牆設定。You create the first server-level firewall setting by using the Azure portal or programmatically by using Azure PowerShell, Azure CLI, or an Azure REST API. 您可以使用這些方法或 Transact-sql 來建立和管理其他伺服器層級 IP 防火牆規則。You create and manage additional server-level IP firewall rules by using these methods or Transact-SQL.

重要

資料庫層級 IP 防火牆規則只能使用 Transact-sql 來建立和管理。Database-level IP firewall rules can only be created and managed by using Transact-SQL.

為提升效能,系統會暫時在資料庫層級快取伺服器層級 IP 防火牆規則。To improve performance, server-level IP firewall rules are temporarily cached at the database level. 若應重新整理快取,請參閱 DBCC FLUSHAUTHCACHETo refresh the cache, see DBCC FLUSHAUTHCACHE.

提示

您可以使用 SQL Database 稽核來稽核伺服器等級和資料庫等級防火牆的變更。You can use SQL Database Auditing to audit server-level and database-level firewall changes.

使用 Azure 入口網站管理伺服器層級 IP 防火牆規則Use the Azure portal to manage server-level IP firewall rules

若要在 Azure 入口網站中設定伺服器層級 IP 防火牆規則,請移至您的 Azure SQL database 或 SQL Database 伺服器的 [總覽] 頁面。To set a server-level IP firewall rule in the Azure portal, go to the overview page for your Azure SQL database or your SQL Database server.

提示

如需教學課程,請參閱使用 Azure 入口網站建立 DBFor a tutorial, see Create a DB using the Azure portal.

從資料庫的 [總覽] 頁面From the database overview page

  1. 若要從 [資料庫總覽] 頁面設定伺服器層級 IP 防火牆規則,請選取工具列上的 [設定伺服器防火牆],如下圖所示。To set a server-level IP firewall rule from the database overview page, select Set server firewall on the toolbar, as the following image shows. SQL Database 伺服器的 [防火牆設定] 頁面隨即開啟。The Firewall settings page for the SQL Database server opens.

    伺服器 IP 防火牆規則

  2. 選取工具列上的 [新增用戶端 IP ],以新增您所使用之電腦的 ip 位址,然後選取 [儲存]。Select Add client IP on the toolbar to add the IP address of the computer that you're using, and then select Save. 系統便會為目前的 IP 位址建立伺服器層級 IP 防火牆規則。A server-level IP firewall rule is created for your current IP address.

    設定伺服器層級 IP 防火牆規則

從 [伺服器總覽] 頁面From the server overview page

伺服器的 [總覽] 頁面隨即開啟。The overview page for your server opens. 它會顯示完整伺服器名稱(例如mynewserver20170403.database.windows.net),並提供進一步設定的選項。It shows the fully qualified server name (such as mynewserver20170403.database.windows.net) and provides options for further configuration.

  1. 若要從這個頁面設定伺服器層級規則,請從左側的 [設定] 功能表中選取 [防火牆]。To set a server-level rule from this page, select Firewall from the Settings menu on the left side.

  2. 選取工具列上的 [新增用戶端 IP ],以新增您所使用之電腦的 ip 位址,然後選取 [儲存]。Select Add client IP on the toolbar to add the IP address of the computer that you're using, and then select Save. 系統便會為目前的 IP 位址建立伺服器層級 IP 防火牆規則。A server-level IP firewall rule is created for your current IP address.

使用 Transact-sql 來管理 IP 防火牆規則Use Transact-SQL to manage IP firewall rules

目錄檢視或預存程式Catalog view or stored procedure 層級Level 描述Description
sys.firewall_rulessys.firewall_rules 伺服器Server 顯示目前的伺服器層級 IP 防火牆規則Displays the current server-level IP firewall rules
sp_set_firewall_rulesp_set_firewall_rule 伺服器Server 建立或更新伺服器層級 IP 防火牆規則Creates or updates server-level IP firewall rules
sp_delete_firewall_rulesp_delete_firewall_rule 伺服器Server 移除伺服器層級 IP 防火牆規則Removes server-level IP firewall rules
sys.database_firewall_rulessys.database_firewall_rules 資料庫Database 顯示目前的伺服器層級 IP 防火牆規則Displays the current database-level IP firewall rules
sp_set_database_firewall_rulesp_set_database_firewall_rule 資料庫Database 建立或更新伺服器層級 IP 防火牆規則Creates or updates the database-level IP firewall rules
sp_delete_database_firewall_rulesp_delete_database_firewall_rule 資料庫Databases 移除資料庫層級 IP 防火牆規則Removes database-level IP firewall rules

下列範例會審查現有的規則、在Contoso伺服器上啟用 ip 位址範圍,並刪除 ip 防火牆規則:The following example reviews the existing rules, enables a range of IP addresses on the server Contoso, and deletes an IP firewall rule:

SELECT * FROM sys.firewall_rules ORDER BY name;

接下來,新增伺服器層級 IP 防火牆規則。Next, add a server-level IP firewall rule.

EXECUTE sp_set_firewall_rule @name = N'ContosoFirewallRule',
   @start_ip_address = '192.168.1.1', @end_ip_address = '192.168.1.10'

若要刪除伺服器層級 IP 防火牆規則,請執行sp_delete_firewall_rule預存程式。To delete a server-level IP firewall rule, execute the sp_delete_firewall_rule stored procedure. 下列範例會刪除規則ContosoFirewallRuleThe following example deletes the rule ContosoFirewallRule:

EXECUTE sp_delete_firewall_rule @name = N'ContosoFirewallRule'

使用 PowerShell 管理伺服器層級 IP 防火牆規則Use PowerShell to manage server-level IP firewall rules

注意

本文已更新為使用新的 Azure PowerShell Az 模組。This article has been updated to use the new Azure PowerShell Az module. AzureRM 模組在至少 2020 年 12 月之前都還會持續收到錯誤 (Bug) 修正,因此您仍然可以持續使用。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要深入了解新的 Az 模組和 AzureRM 的相容性,請參閱新的 Azure PowerShell Az 模組簡介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 如需 Az 模組安裝指示,請參閱安裝 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

重要

Azure SQL Database 仍然支援 PowerShell Azure Resource Manager 模組,但所有開發現在都是針對 Az .Sql 模組。The PowerShell Azure Resource Manager module is still supported by Azure SQL Database, but all development is now for the Az.Sql module. 如需這些 Cmdlet,請參閱AzureRMFor these cmdlets, see AzureRM.Sql. Az 和 AzureRm 模組中命令的引數本質上完全相同。The arguments for the commands in the Az and AzureRm modules are substantially identical.

CmdletCmdlet 層級Level 描述Description
Get-AzSqlServerFirewallRuleGet-AzSqlServerFirewallRule 伺服器Server 返回目前的伺服器層級防火牆規則Returns the current server-level firewall rules
New-AzSqlServerFirewallRuleNew-AzSqlServerFirewallRule 伺服器Server 建立新的伺服器層級防火牆規則Creates a new server-level firewall rule
Set-AzSqlServerFirewallRuleSet-AzSqlServerFirewallRule 伺服器Server 更新現有伺服器層級防火牆規則的屬性Updates the properties of an existing server-level firewall rule
Remove-AzSqlServerFirewallRuleRemove-AzSqlServerFirewallRule 伺服器Server 移除伺服器層級防火牆規則Removes server-level firewall rules

下列範例會使用 PowerShell 來設定伺服器層級 IP 防火牆規則:The following example uses PowerShell to set a server-level IP firewall rule:

New-AzSqlServerFirewallRule -ResourceGroupName "myResourceGroup" `
    -ServerName $servername `
    -FirewallRuleName "AllowSome" -StartIpAddress "0.0.0.0" -EndIpAddress "0.0.0.0"

使用 CLI 來管理伺服器層級 IP 防火牆規則Use CLI to manage server-level IP firewall rules

CmdletCmdlet 層級Level 描述Description
az sql server firewall-rule createaz sql server firewall-rule create 伺服器Server 建立伺服器 IP 防火牆規則Creates a server IP firewall rule
az sql server firewall-rule listaz sql server firewall-rule list 伺服器Server 列出伺服器上的 IP 防火牆規則Lists the IP firewall rules on a server
az sql server firewall-rule showaz sql server firewall-rule show 伺服器Server 顯示 IP 防火牆規則的詳細資料Shows the detail of an IP firewall rule
az sql server firewall-rule updateaz sql server firewall-rule update 伺服器Server 更新 IP 防火牆規則Updates an IP firewall rule
az sql server firewall-rule deleteaz sql server firewall-rule delete 伺服器Server 刪除 IP 防火牆規則Deletes an IP firewall rule

下列範例會使用 CLI 來設定伺服器層級 IP 防火牆規則:The following example uses CLI to set a server-level IP firewall rule:

az sql server firewall-rule create --resource-group myResourceGroup --server $servername \
-n AllowYourIp --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0

使用 REST API 來管理伺服器層級 IP 防火牆規則Use a REST API to manage server-level IP firewall rules

APIAPI 層級Level 描述Description
列出防火牆規則List firewall rules 伺服器Server 顯示目前的伺服器層級 IP 防火牆規則Displays the current server-level IP firewall rules
建立或更新防火牆規則Create or update firewall rules 伺服器Server 建立或更新伺服器層級 IP 防火牆規則Creates or updates server-level IP firewall rules
刪除防火牆規則Delete firewall rules 伺服器Server 移除伺服器層級 IP 防火牆規則Removes server-level IP firewall rules
取得防火牆規則Get firewall rules 伺服器Server 取得伺服器層級 IP 防火牆規則Gets server-level IP firewall rules

針對資料庫防火牆進行疑難排解Troubleshoot the database firewall

當 SQL Database 服務的存取未如預期般運作時,請考慮下列幾點。Consider the following points when access to the SQL Database service doesn't behave as you expect.

  • 本機防火牆組態:Local firewall configuration:

    您可能需要在電腦上為 TCP 通訊埠1433建立防火牆例外,您的電腦才能存取 SQL Database。Before your computer can access SQL Database, you may need to create a firewall exception on your computer for TCP port 1433. 若要在 Azure 雲端界限內進行連線,您可能必須開啟其他埠。To make connections inside the Azure cloud boundary, you may have to open additional ports. 如需詳細資訊,請參閱 < SQL Database:ADO.NET 4.5 和 SQL Database 的埠超過1433的外部「與內部」區段。For more information, see the "SQL Database: Outside vs inside" section of Ports beyond 1433 for ADO.NET 4.5 and SQL Database.

  • 網路位址轉譯:Network address translation:

    由於網路位址轉譯(NAT)的不同,電腦用來連線到 SQL Database 的 IP 位址可能會與您電腦的 IP 設定中的 IP 位址不同。Because of network address translation (NAT), the IP address that's used by your computer to connect to SQL Database may be different than the IP address in your computer's IP configuration settings. 若要查看您的電腦用來連線到 Azure 的 IP 位址:To view the IP address that your computer is using to connect to Azure:

    1. 登入入口網站。Sign in to the portal.
    2. 在裝載您資料庫的伺服器上,移至 [設定] 索引標籤。Go to the Configure tab on the server that hosts your database.
    3. 目前的用戶端 IP 位址會顯示在 [允許的 ip 位址] 區段中。The Current Client IP Address is displayed in the Allowed IP Addresses section. 針對 [允許的 IP 位址] 選取 [新增],以允許這部電腦存取伺服器。Select Add for Allowed IP Addresses to allow this computer to access the server.
  • 對允許清單所做的變更尚未生效:Changes to the allow list haven't taken effect yet:

    SQL Database 防火牆設定的變更最多可能會延遲5分鐘才會生效。There may be up to a five-minute delay for changes to the SQL Database firewall configuration to take effect.

  • 登入未獲授權,或使用了不正確的密碼:The login isn't authorized, or an incorrect password was used:

    如果登入沒有 SQL Database 伺服器的許可權,或密碼不正確,則會拒絕與伺服器的連接。If a login doesn't have permissions on the SQL Database server or the password is incorrect, the connection to the server is denied. 建立防火牆設定只會讓用戶端有機會嘗試連接到您的伺服器。Creating a firewall setting only gives clients an opportunity to try to connect to your server. 用戶端仍然必須提供必要的安全性認證。The client must still provide the necessary security credentials. 如需準備登入的詳細資訊,請參閱控制和授與 SQL Database 和 SQL 資料倉儲的資料庫存取權For more information about preparing logins, see Controlling and granting database access to SQL Database and SQL Data Warehouse.

  • 動態 IP 位址:Dynamic IP address:

    如果您有使用動態 IP 位址的網際網路連線,而且在通過防火牆時遇到問題,請嘗試下列其中一個解決方案:If you have an internet connection that uses dynamic IP addressing and you have trouble getting through the firewall, try one of the following solutions:

    • 請向您的網際網路服務提供者要求指派給用戶端電腦的 IP 位址範圍,以存取 SQL Database 伺服器。Ask your internet service provider for the IP address range that's assigned to your client computers that access the SQL Database server. 將該 IP 位址範圍新增為 IP 防火牆規則。Add that IP address range as an IP firewall rule.
    • 改為取得用戶端電腦的靜態 IP 位址。Get static IP addressing instead for your client computers. 將 IP 位址新增為 IP 防火牆規則。Add the IP addresses as IP firewall rules.

後續步驟Next steps