Azure SQL Database and Azure Synapse IP firewall rules

APPLIES TO: Azure SQL Database, Azure Synapse Analytics (SQL DW)

When you create a new server in Azure SQL Database or Azure Synapse Analytics named mysqlserver, for example, a server-level firewall blocks all access to the public endpoint for the server (which is accessible at mysqlserver.database.chinacloudapi.cn). For simplicity, SQL Database is used to refer to both SQL Database and Azure Synapse Analytics (formerly Azure SQL Data Warehouse).

Important

This article does not apply to Azure SQL Managed Instance. For information about network configuration, see Connect your application to Azure SQL Managed Instance.

Azure Synapse only supports server-level IP firewall rules. It doesn't support database-level IP firewall rules.

How the firewall works

Connection attempts from the internet and Azure must pass through the firewall before they reach your server or database, as the following diagram shows.

[Figure: Firewall configuration diagram]

Server-level IP firewall rules

These rules enable clients to access your entire server, that is, all the databases managed by the server. The rules are stored in the master database. You can have a maximum of 128 server-level IP firewall rules for a server. If you have the Allow Azure Services and resources to access this server setting enabled, this counts as a single firewall rule for the server.

You can configure server-level IP firewall rules by using the Azure portal, PowerShell, or Transact-SQL statements.

  • To use the portal or PowerShell, you must be the subscription owner or a subscription contributor.
  • To use Transact-SQL, you must connect to the master database as the server-level principal login or as the Azure Active Directory administrator. (A server-level IP firewall rule must first be created by a user who has Azure-level permissions.)

Database-level IP firewall rules

Database-level IP firewall rules enable clients to access certain (secure) databases. You create the rules for each database (including the master database), and they're stored in the individual database.

  • You can create and manage database-level IP firewall rules for master and user databases only by using Transact-SQL statements, and only after you configure the first server-level firewall.
  • If you specify an IP address range in the database-level IP firewall rule that's outside the range in the server-level IP firewall rule, only those clients that have IP addresses in the database-level range can access the database.
  • You can have a maximum of 128 database-level IP firewall rules for a database. For more information about configuring database-level IP firewall rules, see the example later in this article and see sp_set_database_firewall_rule (Azure SQL Database).

Recommendations for how to set firewall rules

We recommend that you use database-level IP firewall rules whenever possible. This practice enhances security and makes your database more portable. Use server-level IP firewall rules for administrators. Also use them when you have many databases that have the same access requirements, and you don't want to configure each database individually.

Note

For information about portable databases in the context of business continuity, see Authentication requirements for disaster recovery.

Server-level versus database-level IP firewall rules

Should users of one database be fully isolated from another database?

If yes, use database-level IP firewall rules to grant access. This method avoids using server-level IP firewall rules, which permit access through the firewall to all databases. That would reduce the depth of your defenses.

Do users at the IP addresses need access to all databases?

If yes, use server-level IP firewall rules to reduce the number of times that you have to configure IP firewall rules.

Does the person or team who configures the IP firewall rules only have access through the Azure portal, PowerShell, or the REST API?

If so, you must use server-level IP firewall rules. Database-level IP firewall rules can only be configured through Transact-SQL.

Is the person or team who configures the IP firewall rules prohibited from having high-level permission at the database level?

If so, use server-level IP firewall rules. You need at least CONTROL DATABASE permission at the database level to configure database-level IP firewall rules through Transact-SQL.

Does the person or team who configures or audits the IP firewall rules centrally manage IP firewall rules for many (perhaps hundreds) of databases?

In this scenario, best practices are determined by your needs and environment. Server-level IP firewall rules might be easier to configure, but scripting can configure rules at the database level. And even if you use server-level IP firewall rules, you might need to audit database-level IP firewall rules to see if users with CONTROL permission on the database create database-level IP firewall rules.

Can I use a mix of server-level and database-level IP firewall rules?

Yes. Some users, such as administrators, might need server-level IP firewall rules. Other users, such as users of a database application, might need database-level IP firewall rules.

Connections from the internet

When a computer tries to connect to your server from the internet, the firewall first checks the originating IP address of the request against the database-level IP firewall rules for the database that the connection requests.

  • If the address is within a range that's specified in the database-level IP firewall rules, the connection is granted to the database that contains the rule.
  • If the address isn't within a range in the database-level IP firewall rules, the firewall checks the server-level IP firewall rules. If the address is within a range that's in the server-level IP firewall rules, the connection is granted. Server-level IP firewall rules apply to all databases managed by the server.
  • If the address isn't within a range that's in any of the database-level or server-level IP firewall rules, the connection request fails.
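
The evaluation order above, together with the audit concern raised in the server-level versus database-level comparison, modeled as an added example (not code from the original article). It assumes the rules were exported as (name, start, end) rows from sys.firewall_rules and sys.database_firewall_rules; the rule names, database names and addresses are constructed, and ranges are treated as inclusive.

```python
from ipaddress import IPv4Address

# Constructed sample data (documentation address ranges), shaped like rows of
# sys.firewall_rules and sys.database_firewall_rules: (name, start, end).
SERVER_RULES = [("AdminOffice", "203.0.113.10", "203.0.113.20")]
DATABASE_RULES = {
    "salesdb": [
        ("SalesApp", "198.51.100.0", "198.51.100.63"),
        ("AdminPlus", "203.0.113.15", "203.0.113.30"),
    ],
}


def to_range(rule):
    """Turn a (name, start, end) row into integer bounds, inclusive on both ends."""
    _, start, end = rule
    return int(IPv4Address(start)), int(IPv4Address(end))


def evaluate(ip, database, server_rules, database_rules):
    """Check the requested database's own rules first, then the server-level rules."""
    addr = int(IPv4Address(ip))
    levels = (("database", database_rules.get(database, [])),
              ("server", server_rules))
    for level, rules in levels:
        for rule in rules:
            low, high = to_range(rule)
            if low <= addr <= high:
                return ("granted", level, rule[0])
    return ("failed", None, None)


def outside_server_rules(server_rules, database_rules):
    """Audit helper: parts of each database-level range that no server-level rule covers."""
    covered = sorted(to_range(rule) for rule in server_rules)
    findings = []
    for database in sorted(database_rules):
        for rule in database_rules[database]:
            low, high = to_range(rule)
            cursor = low  # first address not yet known to be covered
            for s_low, s_high in covered:
                if s_low > high:
                    break  # sorted by start: nothing later can overlap
                if s_high < cursor:
                    continue
                if s_low > cursor:
                    findings.append((database, rule[0], cursor, s_low - 1))
                cursor = s_high + 1
                if cursor > high:
                    break
            if cursor <= high:
                findings.append((database, rule[0], cursor, high))
    return [(db, name, str(IPv4Address(a)), str(IPv4Address(b)))
            for db, name, a, b in findings]


if __name__ == "__main__":
    for ip, db in [("198.51.100.7", "salesdb"), ("198.51.100.7", "hrdb"),
                   ("203.0.113.12", "hrdb")]:
        print(ip, db, evaluate(ip, db, SERVER_RULES, DATABASE_RULES))
    for finding in outside_server_rules(SERVER_RULES, DATABASE_RULES):
        print("not covered by any server-level rule:", finding)
```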

Note

To access Azure SQL Database from your local computer, ensure that the firewall on your network and local computer allow outgoing communication on TCP port 1433.

Connections from inside Azure

To allow applications hosted inside Azure to connect to your SQL server, Azure connections must be enabled. When an application from Azure tries to connect to your server, the firewall verifies that Azure connections are allowed. You can turn this on directly from the Azure portal blade by setting firewall rules, or by switching Allow Azure Services and resources to access this server to ON in the Firewalls and virtual networks settings. If the connection isn't allowed, the request doesn't reach the server.

Important

This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. If you select this option, make sure that your login and user permissions limit access to authorized users only.

Permissions

To be able to create and manage IP firewall rules for the Azure SQL Server, you will need to either be:

Create and manage IP firewall rules

You create the first server-level firewall setting by using the Azure portal or programmatically by using Azure PowerShell, Azure CLI, or an Azure REST API. You create and manage additional server-level IP firewall rules by using these methods or Transact-SQL.

Important

Database-level IP firewall rules can only be created and managed by using Transact-SQL.

To improve performance, server-level IP firewall rules are temporarily cached at the database level. To refresh the cache, see DBCC FLUSHAUTHCACHE.

Tip

You can use Database Auditing to audit server-level and database-level firewall changes.

Use the Azure portal to manage server-level IP firewall rules

To set a server-level IP firewall rule in the Azure portal, go to the overview page for your database or your server.

Tip

For a tutorial, see Create a database using the Azure portal.

From the database overview page

  1. To set a server-level IP firewall rule from the database overview page, select Set server firewall on the toolbar, as the following image shows.

    [Figure: Server IP firewall rule]

    The Firewall settings page for the server opens.

  2. Select Add client IP on the toolbar to add the IP address of the computer that you're using, and then select Save. A server-level IP firewall rule is created for your current IP address.

    [Figure: Set server-level IP firewall rule]

From the server overview page

The overview page for your server opens. It shows the fully qualified server name (such as mynewserver20170403.database.chinacloudapi.cn) and provides options for further configuration.

  1. To set a server-level rule from this page, select Firewall from the Settings menu on the left side.

  2. Select Add client IP on the toolbar to add the IP address of the computer that you're using, and then select Save. A server-level IP firewall rule is created for your current IP address.

Use Transact-SQL to manage IP firewall rules

| Catalog view or stored procedure | Level | Description |
| --- | --- | --- |
| sys.firewall_rules | Server | Displays the current server-level IP firewall rules |
| sp_set_firewall_rule | Server | Creates or updates server-level IP firewall rules |
| sp_delete_firewall_rule | Server | Removes server-level IP firewall rules |
| sys.database_firewall_rules | Database | Displays the current database-level IP firewall rules |
| sp_set_database_firewall_rule | Database | Creates or updates the database-level IP firewall rules |
| sp_delete_database_firewall_rule | Database | Removes database-level IP firewall rules |

The following example reviews the existing rules, enables a range of IP addresses on the server Contoso, and deletes an IP firewall rule:

SELECT * FROM sys.firewall_rules ORDER BY name;

Next, add a server-level IP firewall rule.

EXECUTE sp_set_firewall_rule @name = N'ContosoFirewallRule',
   @start_ip_address = '192.168.1.1', @end_ip_address = '192.168.1.10'

To delete a server-level IP firewall rule, execute the sp_delete_firewall_rule stored procedure. The following example deletes the rule ContosoFirewallRule:

EXECUTE sp_delete_firewall_rule @name = N'ContosoFirewallRule'

Use PowerShell to manage server-level IP firewall rules

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Important

The PowerShell Azure Resource Manager module is still supported by Azure SQL Database, but all development is now for the Az.Sql module. For these cmdlets, see AzureRM.Sql. The arguments for the commands in the Az and AzureRm modules are substantially identical.

| Cmdlet | Level | Description |
| --- | --- | --- |
| Get-AzSqlServerFirewallRule | Server | Returns the current server-level firewall rules |
| New-AzSqlServerFirewallRule | Server | Creates a new server-level firewall rule |
| Set-AzSqlServerFirewallRule | Server | Updates the properties of an existing server-level firewall rule |
| Remove-AzSqlServerFirewallRule | Server | Removes server-level firewall rules |

The following example uses PowerShell to set a server-level IP firewall rule:

New-AzSqlServerFirewallRule -ResourceGroupName "myResourceGroup" `
    -ServerName $servername `
    -FirewallRuleName "ContosoIPRange" -StartIpAddress "192.168.1.0" -EndIpAddress "192.168.1.255"

Tip

For $servername, specify the server name and not the fully qualified DNS name. For example, specify mysqldbserver instead of mysqldbserver.database.chinacloudapi.cn.

For PowerShell examples in the context of a quickstart, see Create DB - PowerShell and Create a single database and configure a server-level IP firewall rule using PowerShell.

Use CLI to manage server-level IP firewall rules

| Cmdlet | Level | Description |
| --- | --- | --- |
| az sql server firewall-rule create | Server | Creates a server IP firewall rule |
| az sql server firewall-rule list | Server | Lists the IP firewall rules on a server |
| az sql server firewall-rule show | Server | Shows the detail of an IP firewall rule |
| az sql server firewall-rule update | Server | Updates an IP firewall rule |
| az sql server firewall-rule delete | Server | Deletes an IP firewall rule |

The following example uses CLI to set a server-level IP firewall rule:

az sql server firewall-rule create --resource-group myResourceGroup --server $servername \
-n ContosoIPRange --start-ip-address 192.168.1.0 --end-ip-address 192.168.1.255

Tip

For $servername, specify the server name and not the fully qualified DNS name. For example, specify mysqldbserver instead of mysqldbserver.database.chinacloudapi.cn.

For a CLI example in the context of a quickstart, see Create DB - Azure CLI and Create a single database and configure a server-level IP firewall rule using the Azure CLI.

Use a REST API to manage server-level IP firewall rules

| API | Level | Description |
| --- | --- | --- |
| List firewall rules | Server | Displays the current server-level IP firewall rules |
| Create or update firewall rules | Server | Creates or updates server-level IP firewall rules |
| Delete firewall rules | Server | Removes server-level IP firewall rules |
| Get firewall rules | Server | Gets server-level IP firewall rules |

Troubleshoot the database firewall

Consider the following points when access to Azure SQL Database doesn't behave as you expect.

  • Local firewall configuration:

    Before your computer can access Azure SQL Database, you may need to create a firewall exception on your computer for TCP port 1433. To make connections inside the Azure cloud boundary, you may have to open additional ports. For more information, see the "SQL Database: Outside vs inside" section of Ports beyond 1433 for ADO.NET 4.5 and Azure SQL Database.

  • Network address translation:

    Because of network address translation (NAT), the IP address that's used by your computer to connect to Azure SQL Database may be different than the IP address in your computer's IP configuration settings. To view the IP address that your computer is using to connect to Azure:

    1. Sign in to the portal.
    2. Go to the Configure tab on the server that hosts your database.
    3. The Current Client IP Address is displayed in the Allowed IP Addresses section. Select Add for Allowed IP Addresses to allow this computer to access the server.

  • Changes to the allow list haven't taken effect yet:

    There may be up to a five-minute delay for changes to the Azure SQL Database firewall configuration to take effect.

  • The login isn't authorized, or an incorrect password was used:

    If a login doesn't have permissions on the server or the password is incorrect, the connection to the server is denied. Creating a firewall setting only gives clients an opportunity to try to connect to your server. The client must still provide the necessary security credentials. For more information about preparing logins, see Controlling and granting database access.

  • Dynamic IP address:

    If you have an internet connection that uses dynamic IP addressing and you have trouble getting through the firewall, try one of the following solutions:

    • Ask your internet service provider for the IP address range that's assigned to your client computers that access the server. Add that IP address range as an IP firewall rule.
    • Get static IP addressing instead for your client computers. Add the IP addresses as IP firewall rules.

Next steps