Recently I had a session around using SQL Server on Azure and during this session one of the questions was to access the SQL Server in a Hybrid Setup. This is a typical scenario wherein the developer was requesting to connect to the SQL Server running on a VM from his application that was sitting inside his environment. Though there were specific steps that needed to be taken, he was getting some error. Let us learn about how to setup firewall with Azure SQL Server VMs.
After a moment of debugging, I realized it was a problem of Firewall. Though the initial test was by disabling the Firewall I was able to get the connectivity working. I enabled it immediately and then started to get into configuring the Firewall for exception for SQL Server traffic. This blog is more of a tutorial on how I was configuring the same.
Steps to enable the SQL Server traffic
To enable connection to the SQL Server from on-premises applications, you must open port 1433 on the SQL Server VM. Though this is an example, you need to see if you can change and use some other port for SQL Server connection. But this is reserved for some other time. The following steps will lead you through this:
- Login to SQL Server VM and Open firewall settings
- Create an inbound rule for the TCP port 1433 to allow connections
- Follow the default values on the wizard for the next steps and name the rule ‘SQL TCP’ and click OK.
Alternatively, you can use execute this PowerShell cmdlet to configure inbound firewall rule:
netsh advfirewall firewall add rule name='SQL Server (TCP-In)' program='C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe' dir=in action=allow protocol=TCP
This is an important step one needs to configure when working with VMs on Azure to access SQL Server. Though I have started to explore some of the core capabilities that come when working with Azure, I still see there are nuances that are quite different when compared to how an on-premise SQL Server would be. I am sure DBA’s and administrators are struggling to understand these use-cases that need to be configured because they have been used to connecting to SQL Server directly when working on their data centers.
Having said that, I felt this was something common and people are aware. But since I have done in my consulting couple of times in the past month that I get to write them down too.
Reference: Pinal Dave (https://blog.sqlauthority.com)