Azure SQL 数据库和 Azure Synapse Analytics IP 防火墙规则Azure SQL Database and Azure Synapse Analytics IP firewall rules

Note

本文适用于 Azure SQL 服务器,同时也适用于 Azure SQL 服务器上的 Azure SQL 数据库和 Azure Synapse Analytics 数据库。This article applies to Azure SQL servers, and to both Azure SQL Database and Azure Synapse Analytics databases on an Azure SQL server. 为简单起见,在提到 SQL 数据库和 Azure Synapse 时,本文统称 SQL 数据库**。For simplicity, SQL Database is used to refer to both SQL Database and Azure Synapse.

Important

本文不** 适用于 Azure SQL 数据库托管实例This article does not apply to Azure SQL Database Managed Instance. 有关网络配置的信息,请参阅将应用程序连接到 Azure SQL 数据库托管实例For information about network configuration, see Connect your application to Azure SQL Database Managed Instance.

例如,创建名为 mysqlserver 的新 Azure SQL 服务器时,SQL 数据库防火墙会阻止对该服务器的公共终结点进行任何访问(可通过 mysqlserver.database.chinacloudapi.cn 中访问)。When you create a new Azure SQL server named mysqlserver, for example, the SQL Database firewall blocks all access to the public endpoint for the server (which is accessible at mysqlserver.database.chinacloudapi.cn).

Important

Azure Synapse 只支持服务器级别 IP 防火墙规则。Azure Synapse only supports server-level IP firewall rules. 不支持数据库级 IP 防火墙规则。It doesn't support database-level IP firewall rules.

防火墙的工作原理How the firewall works

来自 Internet 和 Azure 的连接尝试必须首先通过防火墙,才能访问 SQL 服务器或 SQL 数据库,如下图中所示:Connection attempts from the internet and Azure must pass through the firewall before they reach your SQL server or SQL database, as the following diagram shows.

防火墙配置示意图

服务器级别 IP 防火墙规则Server-level IP firewall rules

这些规则允许客户端访问整个 Azure SQL 服务器,即同一 SQL 数据库服务器内的所有数据库。These rules enable clients to access your entire Azure SQL server, that is, all the databases within the same SQL Database server. 这些规则存储在 master 数据库中。The rules are stored in the master database. 对于 Azure SQL Server,最多可以有 128 个服务器级别 IP 防火墙规则。You can have a maximum of 128 server-level IP firewall rules for an Azure SQL Server. 如果启用了“允许 Azure 服务和资源访问此服务器”**** 设置,则这将计为 Azure SQL Server 的单个防火墙规则。If you have the Allow Azure Services and resources to access this server setting enabled, this counts as a single firewall rule for Azure SQL Server.

可以使用 Azure 门户、PowerShell 或 Transact-SQL 语句来配置服务器级 IP 防火墙规则。You can configure server-level IP firewall rules by using the Azure portal, PowerShell, or Transact-SQL statements.

  • 只有订阅所有者或订阅参与者才能使用门户或 PowerShell。To use the portal or PowerShell, you must be the subscription owner or a subscription contributor.
  • 若要使用 Transact-SQL,必须以服务器级主体登录名或 Azure Active Directory 管理员的身份连接到 SQL 数据库实例。To use Transact-SQL, you must connect to the SQL Database instance as the server-level principal login or as the Azure Active Directory administrator. (必须先由拥有 Azure 级权限的用户创建服务器级 IP 防火墙规则。)(A server-level IP firewall rule must first be created by a user who has Azure-level permissions.)

数据库级 IP 防火墙规则Database-level IP firewall rules

这些规则允许客户端访问同一 SQL 数据库服务器内的某些(安全)数据库。These rules enable clients to access certain (secure) databases within the same SQL Database server. 可为每个数据库创建这些规则(包括 master 数据库),它们将存储在单独的数据库中。You create the rules for each database (including the master database), and they're stored in the individual database.

只有在配置了第一个服务器级防火墙后,才只能使用 Transact-SQL 语句创建和管理用于 master 数据库和用户数据库的数据库级 IP 防火墙规则。You can only create and manage database-level IP firewall rules for master and user databases by using Transact-SQL statements and only after you configure the first server-level firewall.

如果在数据库级 IP 防火墙规则中指定的 IP 地址范围超出了在服务器级 IP 防火墙规则中指定的范围,只有 IP 地址处于数据库级范围内的客户端才能访问数据库。If you specify an IP address range in the database-level IP firewall rule that's outside the range in the server-level IP firewall rule, only those clients that have IP addresses in the database-level range can access the database.

对于每个数据库,最多可以有 128 个数据库级别 IP 防火墙规则。You can have a maximum of 128 database-level IP firewall rules for a database. 若要详细了解如何配置数据库级 IP 防火墙规则,请参阅本文后面部分中的示例,以及 sp_set_database_firewall_rule(Azure SQL 数据库)For more information about configuring database-level IP firewall rules, see the example later in this article and see sp_set_database_firewall_rule (Azure SQL Database).

有关如何设置防火墙规则的建议Recommendations for how to set firewall rules

建议尽可能使用数据库级 IP 防火墙规则。We recommend that you use database-level IP firewall rules whenever possible. 这种做法可以增强安全性并提高数据库的可移植性。This practice enhances security and makes your database more portable. 使用面向管理员的服务器级 IP 防火墙规则。Use server-level IP firewall rules for administrators. 如果有多个访问要求相同的数据库,并且你不希望花时间来单独配置每个数据库,也请使用此类规则。Also use them when you have many databases that have the same access requirements, and you don't want to configure each database individually.

Note

有关业务连续性上下文中的可移植数据库的信息,请参阅灾难恢复的身份验证要求For information about portable databases in the context of business continuity, see Authentication requirements for disaster recovery.

服务器级别与数据库级别 IP 防火墙规则Server-level versus database-level IP firewall rules

是否应将一个数据库的用户与另一个数据库完全隔离?**Should users of one database be fully isolated from another database?

如果是,使用数据库级 IP 防火墙规则授予访问权限。**If yes, use database-level IP firewall rules to grant access. 此方法可以避免使用服务器级 IP 防火墙规则,因为这些规则允许通过防火墙访问所有数据库,This method avoids using server-level IP firewall rules, which permit access through the firewall to all databases. 从而降低防御深度。That would reduce the depth of your defenses.

IP 地址用户是否需要访问所有数据库?**Do users at the IP addresses need access to all databases?

如果是,请使用服务器级 IP 防火墙规则来减少必须配置 IP 防火墙规则的次数。**If yes, use server-level IP firewall rules to reduce the number of times that you have to configure IP firewall rules.

配置 IP 防火墙规则的个人或团队是否只能通过 Azure 门户、PowerShell 或 REST API 获取访问权限?**Does the person or team who configures the IP firewall rules only have access through the Azure portal, PowerShell, or the REST API?

如果是,则必须使用服务器级 IP 防火墙规则。If so, you must use server-level IP firewall rules. 只能通过 Transact-SQL 配置数据库级 IP 防火墙规则。Database-level IP firewall rules can only be configured through Transact-SQL.

是否禁止配置 IP 防火墙规则的个人或团队在数据库级别拥有高级权限?**Is the person or team who configures the IP firewall rules prohibited from having high-level permission at the database level?

如果是,请使用服务器级 IP 防火墙规则。If so, use server-level IP firewall rules. 在数据库级别至少需要拥有 CONTROL DATABASE 权限才能通过 Transact-SQL 配置数据库级 IP 防火墙规则。You need at least CONTROL DATABASE permission at the database level to configure database-level IP firewall rules through Transact-SQL.

配置或审核 IP 防火墙规则的个人或团队是否集中管理多个(可能几百个)数据库的 IP 防火墙规则?**Does the person or team who configures or audits the IP firewall rules centrally manage IP firewall rules for many (perhaps hundreds) of databases?

对于这种情况,最佳做法取决于需求和环境。In this scenario, best practices are determined by your needs and environment. 虽然服务器级别 IP 防火墙规则可能更易于配置,但脚本可以在数据库级别配置规则。Server-level IP firewall rules might be easier to configure, but scripting can configure rules at the database-level. 即使使用服务器级 IP 防火墙规则,也可能需要审核数据库级 IP 防火墙规则,以确定对数据库拥有 CONTROL 权限的用户是否已创建数据库级 IP 防火墙规则。And even if you use server-level IP firewall rules, you might need to audit database-level IP firewall rules to see if users with CONTROL permission on the database create database-level IP firewall rules.

能否同时使用服务器级和数据库级 IP 防火墙规则?**Can I use a mix of server-level and database-level IP firewall rules?

是的。Yes. 一些用户(如管理员)可能需要服务器级 IP 防火墙规则。Some users, such as administrators, might need server-level IP firewall rules. 另一些用户(如数据库应用程序用户)可能需要数据库级别 IP 防火墙规则。Other users, such as users of a database application, might need database-level IP firewall rules.

从 Internet 进行连接Connections from the internet

在计算机尝试从 Internet 连接到数据库服务器时,防火墙先针对请求连接的数据库,根据数据库级 IP 防火墙规则来检查请求的发起 IP 地址。When a computer tries to connect to your database server from the internet, the firewall first checks the originating IP address of the request against the database-level IP firewall rules for the database that the connection requests.

  • 如果 IP 地址在数据库级 IP 防火墙规则中指定的范围内,包含规则的 SQL 数据库便会获得连接授权。If the address is within a range that's specified in the database-level IP firewall rules, the connection is granted to the SQL database that contains the rule.
  • 如果地址不在数据库级 IP 防火墙规则中指定的范围内,防火墙会检查服务器级 IP 防火墙规则。If the address isn't within a range in the database-level IP firewall rules, the firewall checks the server-level IP firewall rules. 如果地址在服务器级 IP 防火墙规则中指定的范围内,则会为连接授权。If the address is within a range that's in the server-level IP firewall rules, the connection is granted. 服务器级别 IP 防火墙规则适用于 Azure SQL 服务器上的所有 SQL 数据库。Server-level IP firewall rules apply to all SQL databases on the Azure SQL server.
  • 如果地址不在任何数据库级或服务器级 IP 防火墙规则中指定的范围内,连接请求将会失败。If the address isn't within a range that's in any of the database-level or server-level IP firewall rules, the connection request fails.

Note

要从本地计算机访问 SQL 数据库,请确保网络和本地计算机上的防火墙允许在 TCP 端口 1433 上的传出通信。To access SQL Database from your local computer, ensure that the firewall on your network and local computer allow outgoing communication on TCP port 1433.

从 Azure 内部连接Connections from inside Azure

若要允许 Azure 内部托管的应用程序连接到 SQL 服务器,必须启用 Azure 连接。To allow applications hosted inside Azure to connect to your SQL server, Azure connections must be enabled. 在应用程序尝试从 Azure 连接到你的数据库服务器时,防火墙将验证是否允许 Azure 连接。When an application from Azure tries to connect to your database server, the firewall verifies that Azure connections are allowed. 若要直接从 Azure 门户边栏选项卡中将其打开,可以设置防火墙规则,也可以在“防火墙和虚拟网络”设置中将“允许 Azure 服务和资源访问此服务器”切换为“启用”。**** **** ****This can be turned on directly from the Azure Portal blade by setting Firewall rules, as well as switching the Allow Azure Services and resources to access this server to ON in the Firewalls and virtual networks settings. 如果不允许连接,则该请求将不会访问 Azure SQL 数据库服务器。If the connection isn't allowed, the request doesn't reach the SQL Database server.

Important

该选项将防火墙配置为允许来自 Azure 的所有连接,包括来自其他客户的订阅的连接。This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. 如果选择此选项,请确保登录名和用户权限将访问权限限制为仅已授权用户使用。If you select this option, make sure that your login and user permissions limit access to authorized users only.

创建和管理 IP 防火墙规则Create and manage IP firewall rules

使用 Azure 门户创建第一个服务器级防火墙设置,或者使用 Azure PowerShellAzure CLIREST API 以编程方式创建。You create the first server-level firewall setting by using the Azure portal or programmatically by using Azure PowerShell, Azure CLI, or an Azure REST API. 使用这些方法或 Transact-SQL 创建和管理其他服务器级 IP 防火墙规则。You create and manage additional server-level IP firewall rules by using these methods or Transact-SQL.

Important

只能使用 Transact-SQL 创建和管理数据库级 IP 防火墙规则。Database-level IP firewall rules can only be created and managed by using Transact-SQL.

为了提升性能,服务器级别 IP 防火墙规则暂时在数据库级别缓存。To improve performance, server-level IP firewall rules are temporarily cached at the database level. 若要刷新高速缓存,请参阅 DBCC FLUSHAUTHCACHETo refresh the cache, see DBCC FLUSHAUTHCACHE.

Tip

可以使用 SQL 数据库审核来审核服务器级别和数据库级别防火墙更改。You can use SQL Database Auditing to audit server-level and database-level firewall changes.

使用 Azure 门户管理服务器级 IP 防火墙规则Use the Azure portal to manage server-level IP firewall rules

若要在 Azure 门户中设置服务器级 IP 防火墙规则,请转到 Azure SQL 数据库或 SQL 数据库服务器的概述页。To set a server-level IP firewall rule in the Azure portal, go to the overview page for your Azure SQL database or your SQL Database server.

Tip

有关教程,请参阅使用 Azure 门户创建 DBFor a tutorial, see Create a DB using the Azure portal.

从数据库概述页From the database overview page

  1. 若要在数据库概述页中设置服务器级 IP 防火墙规则,请选择工具栏上的“设置服务器防火墙”****,如下图所示。To set a server-level IP firewall rule from the database overview page, select Set server firewall on the toolbar, as the following image shows.

    服务器 IP 防火墙规则

    此时会打开 SQL 数据库服务器的“防火墙设置”页。****The Firewall settings page for the SQL Database server opens.

  2. 选择工具栏上的“添加客户端 IP” 以添加当前使用的计算机的 IP 地址,然后单选择“保存”。**** ****Select Add client IP on the toolbar to add the IP address of the computer that you're using, and then select Save. 此时,系统针对当前 IP 地址创建服务器级别 IP 防火墙规则。A server-level IP firewall rule is created for your current IP address.

    设置服务器级 IP 防火墙规则

从服务器概述页From the server overview page

此时会打开服务器的概述页。The overview page for your server opens. 其中显示了完全限定的服务器名称(例如 mynewserver20170403.database.chinacloudapi.cn),并提供了其他配置的选项。It shows the fully qualified server name (such as mynewserver20170403.database.chinacloudapi.cn) and provides options for further configuration.

  1. 若要在此页中设置服务器级规则,请在左侧的“设置”菜单中选择“防火墙”。**** ****To set a server-level rule from this page, select Firewall from the Settings menu on the left side.

  2. 选择工具栏上的“添加客户端 IP” 以添加当前使用的计算机的 IP 地址,然后单选择“保存”。**** ****Select Add client IP on the toolbar to add the IP address of the computer that you're using, and then select Save. 此时,系统针对当前 IP 地址创建服务器级别 IP 防火墙规则。A server-level IP firewall rule is created for your current IP address.

使用 Transact-SQL 管理 IP 防火墙规则Use Transact-SQL to manage IP firewall rules

目录视图或存储过程Catalog view or stored procedure LevelLevel 说明Description
sys.firewall_rulessys.firewall_rules 服务器Server 显示当前服务器级别 IP 防火墙规则Displays the current server-level IP firewall rules
sp_set_firewall_rulesp_set_firewall_rule 服务器Server 创建或更新服务器级别 IP 防火墙规则Creates or updates server-level IP firewall rules
sp_delete_firewall_rulesp_delete_firewall_rule 服务器Server 删除服务器级别 IP 防火墙规则Removes server-level IP firewall rules
sys.database_firewall_rulessys.database_firewall_rules 数据库Database 显示当前数据库级别 IP 防火墙规则Displays the current database-level IP firewall rules
sp_set_database_firewall_rulesp_set_database_firewall_rule 数据库Database 创建或更新数据库级别 IP 防火墙规则Creates or updates the database-level IP firewall rules
sp_delete_database_firewall_rulesp_delete_database_firewall_rule 数据库Databases 删除数据库级别 IP 防火墙规则Removes database-level IP firewall rules

以下示例检查现有规则,在服务器 Contoso 上启用一系列 IP 地址,并删除 IP 防火墙规则:The following example reviews the existing rules, enables a range of IP addresses on the server Contoso, and deletes an IP firewall rule:

SELECT * FROM sys.firewall_rules ORDER BY name;

接下来,添加服务器级别 IP 防火墙规则。Next, add a server-level IP firewall rule.

EXECUTE sp_set_firewall_rule @name = N'ContosoFirewallRule',
   @start_ip_address = '192.168.1.1', @end_ip_address = '192.168.1.10'

若要删除服务器级 IP 防火墙规则,请执行 sp_delete_firewall_rule 存储过程。To delete a server-level IP firewall rule, execute the sp_delete_firewall_rule stored procedure. 以下示例删除规则 ContosoFirewallRuleThe following example deletes the rule ContosoFirewallRule:

EXECUTE sp_delete_firewall_rule @name = N'ContosoFirewallRule'

使用 PowerShell 管理服务器级 IP 防火墙规则Use PowerShell to manage server-level IP firewall rules

Note

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

Important

PowerShell Azure 资源管理器模块仍受 Azure SQL 数据库的支持,但所有开发现在都是针对 Az.Sql 模块。The PowerShell Azure Resource Manager module is still supported by Azure SQL Database, but all development is now for the Az.Sql module. 若要了解这些 cmdlet,请参阅 AzureRM.SqlFor these cmdlets, see AzureRM.Sql. Az 和 AzureRm 模块中的命令参数大体上是相同的。The arguments for the commands in the Az and AzureRm modules are substantially identical.

CmdletCmdlet LevelLevel 说明Description
Get-AzSqlServerFirewallRuleGet-AzSqlServerFirewallRule 服务器Server 返回当前的服务器级防火墙规则Returns the current server-level firewall rules
New-AzSqlServerFirewallRuleNew-AzSqlServerFirewallRule 服务器Server 新建服务器级防火墙规则Creates a new server-level firewall rule
Set-AzSqlServerFirewallRuleSet-AzSqlServerFirewallRule 服务器Server 更新现有服务器级防火墙规则的属性Updates the properties of an existing server-level firewall rule
Remove-AzSqlServerFirewallRuleRemove-AzSqlServerFirewallRule 服务器Server 删除服务器级防火墙规则Removes server-level firewall rules

以下示例使用 PowerShell 设置服务器级 IP 防火墙规则:The following example uses PowerShell to set a server-level IP firewall rule:

New-AzSqlServerFirewallRule -ResourceGroupName "myResourceGroup" `
    -ServerName $servername `
    -FirewallRuleName "ContosoIPRange" -StartIpAddress "192.168.1.0" -EndIpAddress "192.168.1.255"

Tip

对于 $servername,请指定服务器名称而不是完全限定的 DNS 名称,例如,指定 mysqldbserver 而不是 mysqldbserver.database.chinacloudapi.cnFor $servername specify the server name and not the fully qualified DNS name e.g. specify mysqldbserver instead of mysqldbserver.database.chinacloudapi.cn

使用 CLI 管理服务器级 IP 防火墙规则Use CLI to manage server-level IP firewall rules

CmdletCmdlet LevelLevel 说明Description
az sql server firewall-rule createaz sql server firewall-rule create 服务器Server 创建服务器 IP 防火墙规则Creates a server IP firewall rule
az sql server firewall-rule listaz sql server firewall-rule list 服务器Server 列出服务器上的 IP 防火墙规则Lists the IP firewall rules on a server
az sql server firewall-rule showaz sql server firewall-rule show 服务器Server 显示 IP 防火墙规则的详细信息Shows the detail of an IP firewall rule
az sql server firewall-rule updateaz sql server firewall-rule update 服务器Server 更新 IP 防火墙规则Updates an IP firewall rule
az sql server firewall-rule deleteaz sql server firewall-rule delete 服务器Server 删除 IP 防火墙规则Deletes an IP firewall rule

以下示例使用 CLI 设置服务器级 IP 防火墙规则:The following example uses CLI to set a server-level IP firewall rule:

az sql server firewall-rule create --resource-group myResourceGroup --server $servername \
-n ContosoIPRange --start-ip-address 192.168.1.0 --end-ip-address 192.168.1.255

Tip

对于 $servername,请指定服务器名称而不是完全限定的 DNS 名称,例如,指定 mysqldbserver 而不是 mysqldbserver.database.chinacloudapi.cnFor $servername specify the server name and not the fully qualified DNS name e.g. specify mysqldbserver instead of mysqldbserver.database.chinacloudapi.cn

使用 REST API 管理服务器级 IP 防火墙规则Use a REST API to manage server-level IP firewall rules

APIAPI LevelLevel 说明Description
列出防火墙规则List firewall rules 服务器Server 显示当前服务器级别 IP 防火墙规则Displays the current server-level IP firewall rules
创建或更新防火墙规则Create or update firewall rules 服务器Server 创建或更新服务器级别 IP 防火墙规则Creates or updates server-level IP firewall rules
删除防火墙规则Delete firewall rules 服务器Server 删除服务器级别 IP 防火墙规则Removes server-level IP firewall rules
获取防火墙规则Get firewall rules 服务器Server 获取服务器级别 IP 防火墙规则Gets server-level IP firewall rules

排查数据库防火墙问题Troubleshoot the database firewall

无法按预期方式访问 SQL 数据库服务时,请考虑以下几点。Consider the following points when access to the SQL Database service doesn't behave as you expect.

  • 本地防火墙配置:Local firewall configuration:

    在计算机可以访问 SQL 数据库之前,可能需要在计算机上创建针对 TCP 端口 1433 的防火墙例外。Before your computer can access SQL Database, you may need to create a firewall exception on your computer for TCP port 1433. 若要在 Azure 云边界内部建立连接,可能需要打开其他端口。To make connections inside the Azure cloud boundary, you may have to open additional ports. 有关详细信息,请参阅用于 ADO.NET 4.5 和 SQL 数据库的非 1433 端口中的“SQL 数据库:外部与内部”部分。For more information, see the "SQL Database: Outside vs inside" section of Ports beyond 1433 for ADO.NET 4.5 and SQL Database.

  • 网络地址转换:Network address translation:

    由于网络地址转换 (NAT) 的原因,计算机用来连接到 SQL 数据库的 IP 地址可能不同于计算机 IP 配置设置中的 IP 地址。Because of network address translation (NAT), the IP address that's used by your computer to connect to SQL Database may be different than the IP address in your computer's IP configuration settings. 若要查看计算机用于连接到 Azure 的 IP 地址:To view the IP address that your computer is using to connect to Azure:

    1. 登录到门户。Sign in to the portal.
    2. 转到托管数据库的服务器上的“配置”选项卡。****Go to the Configure tab on the server that hosts your database.
    3. “允许的 IP 地址”部分下显示了“当前客户端 IP 地址”。**** ****The Current Client IP Address is displayed in the Allowed IP Addresses section. 选择“允许的 IP 地址”旁边的“添加”,以允许此计算机访问服务器。**** ****Select Add for Allowed IP Addresses to allow this computer to access the server.
  • 对允许列表的更改尚未生效:Changes to the allow list haven't taken effect yet:

    对 SQL 数据库防火墙配置所做的更改可能最多需要 5 分钟的延迟才可生效。There may be up to a five-minute delay for changes to the SQL Database firewall configuration to take effect.

  • 登录名未授权或使用了错误的密码:The login isn't authorized, or an incorrect password was used:

    如果某个登录名对 SQL 数据库服务器没有权限或者使用的密码不正确,则与服务器的连接会被拒绝。If a login doesn't have permissions on the SQL Database server or the password is incorrect, the connection to the server is denied. 创建防火墙设置只能为客户端提供尝试连接到服务器的机会**。Creating a firewall setting only gives clients an opportunity to try to connect to your server. 客户端仍必须提供所需的安全凭据。The client must still provide the necessary security credentials. 有关准备登录名的详细信息,请参阅控制和授予数据库对 SQL 数据库与 Azure Synapse 的访问权限For more information about preparing logins, see Controlling and granting database access to SQL Database and Azure Synapse.

  • 动态 IP 地址:Dynamic IP address:

    如果你的 Internet 连接使用动态 IP 寻址,并且在通过防火墙时遇到问题,请尝试以下解决方法之一:If you have an internet connection that uses dynamic IP addressing and you have trouble getting through the firewall, try one of the following solutions:

    • 请求 Internet 服务提供商提供分配给访问 SQL 数据库服务器的客户端计算机的 IP 地址范围。Ask your internet service provider for the IP address range that's assigned to your client computers that access the SQL Database server. 将此 IP 地址范围添加为 IP 防火墙规则。Add that IP address range as an IP firewall rule.
    • 改为获取客户端计算机的静态 IP 地址。Get static IP addressing instead for your client computers. 将 IP 地址添加为 IP 防火墙规则。Add the IP addresses as IP firewall rules.

后续步骤Next steps