快速入門:使用 Azure 入口網站為單一和集區資料庫建立伺服器層級防火牆規則Quickstart: Create a server-level firewall rule for single and pooled databases using the Azure portal

本快速入門會逐步解說如何使用 Azure 入口網站,在 Azure SQL Database 中為單一和集區資料庫建立伺服器層級防火牆規則,以便您能連線至資料庫伺服器、單一資料庫和彈性集區及其資料庫。This quickstart walks through how to create a server-level firewall rule for single and pooled databases in Azure SQL Database using the Azure portal to enable you to connect to database servers, single databases, and elastic pools and their databases. 需要有防火牆規則,才能從其他 Azure 資源和從內部部署資源進行連線。A firewall rule is required to connect from other Azure resources and from on-premises resources.

必要條件Prerequisites

本快速入門將以使用 Azure 入口網站建立單一資料庫中建立的資源作為起始點。This quickstart uses the resources created in Create a single database using the Azure portal as its starting point.

登入 Azure 入口網站Sign in to the Azure portal

登入 Azure 入口網站Sign in to the Azure portal.

建立伺服器層級 IP 防火牆規則Create a server-level IP firewall rule

SQL Database 服務會在資料庫伺服器層級建立單一和集區資料庫的防火牆。The SQL Database service creates a firewall at the database server level for single and pooled databases. 除非您建立 IP 防火牆規則來開啟防火牆,否則此防火牆會防止用戶端應用程式連線到伺服器或其任何單一或集區資料庫。This firewall prevents client applications from connecting to the server or any of its single or pooled databases unless you create an IP firewall rule to open the firewall. 若要從 Azure 外部的 IP 位址連線,請針對您想要能夠連線的特定 IP 位址或位址範圍建立防火牆規則。For a connection from an IP address outside Azure, create a firewall rule for a specific IP address or range of addresses that you want to be able to connect. 如需伺服器層級和資料庫層級 IP 防火牆規則的詳細資訊,請參閱 SQL Database 伺服器層級和資料庫層級 IP 防火牆規則For more information about server-level and database-level IP firewall rules, see SQL Database server-level and database-level IP firewall rules.

注意

SQL Database 會透過連接埠 1433 通訊。SQL Database communicates over port 1433. 如果您嘗試從公司網路內進行連線,您網路的防火牆可能不允許透過連接埠 1433 的輸出流量。If you're trying to connect from within a corporate network, outbound traffic over port 1433 might not be allowed by your network's firewall. 若情況如此,除非 IT 部門開啟連接埠 1433,否則您無法連線至 Azure SQL Database 伺服器。If so, you can't connect to your Azure SQL Database server unless your IT department opens port 1433.

重要

0.0.0.0 的防火牆規則可讓所有 Azure 服務通過伺服器層級防火牆規則,並嘗試透過伺服器連線到單一或集區資料庫。A firewall rule of 0.0.0.0 enables all Azure services to pass through the server-level firewall rule and attempt to connect to a single or pooled database through the server.

請遵循下列步驟,為您用戶端的 IP 位址建立伺服器層級 IP 防火牆規則,並且讓外部連線僅能透過 SQL Database 防火牆存取該 IP 位址。Follow these steps to create a server-level IP firewall rule for your client's IP address and enable external connectivity through the SQL Database firewall for your IP address only.

  1. 完成必要 Azure SQL 資料庫部署之後,選取左側功能表中的 [SQL 資料庫] ,然後選擇 [SQL 資料庫] 頁面上的 mySampleDatabaseAfter the prerequisite Azure SQL database deployment completes, select SQL databases from the left-hand menu and then choose mySampleDatabase on the SQL databases page. 資料庫的概觀頁面隨即開啟,其中會顯示完整伺服器名稱 (例如 mynewserver-20170824.database.windows.net),並提供進一步的組態選項。The overview page for your database opens, showing you the fully qualified server name (such as mynewserver-20170824.database.windows.net) and provides options for further configuration.

  2. 在其他快速入門中,請複製此完整伺服器名稱,以在連線到伺服器及其資料庫時使用。Copy this fully qualified server name to use when connecting to your server and its databases in other quickstarts.

    伺服器名稱

  3. 在工具列上選取 [設定伺服器防火牆] 。Select Set server firewall on the toolbar. 資料庫伺服器的 [防火牆設定] 頁面隨即開啟。The Firewall settings page for the database server opens.

    伺服器層級 IP 防火牆規則

  4. 選擇工具列上的 [新增用戶端 IP] ,將您目前的 IP 位址新增至新的伺服器層級 IP 防火牆規則。Choose Add client IP on the toolbar to add your current IP address to a new server-level IP firewall rule. 伺服器層級 IP 防火牆規則可以針對單一 IP 位址或 IP 位址範圍開啟連接埠 1433。A server-level IP firewall rule can open port 1433 for a single IP address or a range of IP addresses.

    重要

    根據預設,已對所有 Azure 服務啟用透過 SQL Database 防火牆存取。By default, access through the SQL Database firewall is enabled for all Azure services. 選擇此頁面上的 [關閉] 即可對所有 Azure 服務停用。Choose OFF on this page to disable for all Azure services.

  5. 選取 [ 儲存]。Select Save. 系統會為目前的 IP 位址建立伺服器層級 IP 防火牆規則,以便在 SQL Database 伺服器上開啟連接埠 1433。A server-level IP firewall rule is created for your current IP address opening port 1433 on the SQL Database server.

  6. 關閉 [防火牆設定] 頁面。Close the Firewall settings page.

您現在可以利用 SQL Server Management Studio 或您所選的其他工具,使用先前建立的伺服器管理帳戶從這個 IP 位址連線至 SQL Database 伺服器及其資料庫。Using SQL Server Management Studio or another tool of your choice, you can now connect to the SQL Database server and its databases from this IP address using the server admin account created previously.

清除資源Clean up resources

如果您想移至後續步驟並了解如何使用各種不同方法來連線及查詢您的資料庫,請儲存這些資源。Save these resources if you want to go to Next steps and learn how to connect and query your database using a number of different methods. 不過,如果您要刪除在此快速入門中建立的資源,請使用下列步驟。If, however, you want to delete the resources that you created in this quickstart, use the following steps.

  1. 從 Azure 入口網站的左側功能表中,依序選取 [資源群組] 和 [myResourceGroup] 。From the left-hand menu in the Azure portal, select Resource groups and then select myResourceGroup.
  2. 在資源群組頁面上,選取 [刪除] ,在文字方塊中輸入 myResourceGroup,然後選取 [刪除] 。On your resource group page, select Delete, type myResourceGroup in the text box, and then select Delete.

後續步驟Next steps