快速入门:使用 Azure 门户为单一数据库和共用数据库创建服务器级防火墙规则Quickstart: Create a server-level firewall rule for single and pooled databases using the Azure portal

本快速入门详细介绍如何使用 Azure 门户为 Azure SQL 数据库中的单一数据库和共用数据库创建服务器级防火墙规则,以便能够连接到数据库服务器、单一数据库、弹性池及其数据库。This quickstart walks through how to create a server-level firewall rule for single and pooled databases in Azure SQL Database using the Azure portal to enable you to connect to database servers, single databases, and elastic pools and their databases. 若要从其他 Azure 资源和本地资源进行连接,必须使用防火墙规则。A firewall rule is required to connect from other Azure resources and from on-premises resources.

先决条件Prerequisites

本快速入门使用使用 Azure 门户创建单一数据库中创建的资源作为起点。This quickstart uses the resources created in Create a single database using the Azure portal as its starting point.

登录到 Azure 门户Sign in to the Azure portal

登录到 Azure 门户Sign in to the Azure portal.

创建服务器级 IP 防火墙规则Create a server-level IP firewall rule

SQL 数据库服务在数据库服务器级别为单一数据库和共用数据库创建防火墙。The SQL Database service creates a firewall at the database server level for single and pooled databases. 此防火墙阻止客户端应用程序和工具连接到服务器或其任何单一数据库或共用数据库,除非你创建 IP 防火墙规则来打开防火墙。This firewall prevents client applications from connecting to the server or any of its single or pooled databases unless you create an IP firewall rule to open the firewall. 对于从 Azure 外部的 IP 地址进行的连接,请针对要连接到的特定 IP 地址或地址范围创建防火墙规则。For a connection from an IP address outside Azure, create a firewall rule for a specific IP address or range of addresses that you want to be able to connect. 有关服务器级和数据库级 IP 防火墙规则的详细信息,请参阅 SQL 数据库服务器级和数据库级 IP 防火墙规则For more information about server-level and database-level IP firewall rules, see SQL Database server-level and database-level IP firewall rules.

Note

通过端口 1433 进行的 SQL 数据库通信。SQL Database communicates over port 1433. 如果尝试从企业网络内部进行连接,则该网络的防火墙可能不允许经端口 1433 的出站流量。If you're trying to connect from within a corporate network, outbound traffic over port 1433 might not be allowed by your network's firewall. 如果是这样,则无法连接到 Azure SQL 数据库服务器,除非 IT 部门打开了端口 1433。If so, you can't connect to your Azure SQL Database server unless your IT department opens port 1433.

Important

0.0.0.0 防火墙规则可让所有 Azure 服务通过服务器级防火墙规则,并尝试通过服务器连接到单一数据库或共用数据库。A firewall rule of 0.0.0.0 enables all Azure services to pass through the server-level firewall rule and attempt to connect to a single or pooled database through the server.

按照以下步骤为客户端 IP 地址创建服务器级 IP 防火墙规则,只允许通过 SQL 数据库防火墙进行外部连接,而该防火墙只对 IP 地址开放。Follow these steps to create a server-level IP firewall rule for your client's IP address and enable external connectivity through the SQL Database firewall for your IP address only.

  1. 先决条件 Azure SQL 数据库部署完成后,从左侧菜单中选择“SQL 数据库”,然后在“SQL 数据库”页上选择 mySampleDatabaseAfter the prerequisite Azure SQL database deployment completes, select SQL databases from the left-hand menu and then choose mySampleDatabase on the SQL databases page. 此时会打开数据库的概览页,显示完全限定的服务器名称(例如 mynewserver-20170824.database.chinacloudapi.cn),并且会提供进行进一步配置所需的选项。The overview page for your database opens, showing you the fully qualified server name (such as mynewserver-20170824.database.chinacloudapi.cn) and provides options for further configuration.

  2. 请复制此完全限定的服务器名称,以便在其他快速入门中连接到服务器及其数据库时使用。Copy this fully qualified server name to use when connecting to your server and its databases in other quickstarts.

    服务器名称

  3. 在工具栏上选择“设置服务器防火墙” 。Select Set server firewall on the toolbar. 此时会打开数据库服务器的“防火墙设置”页 。The Firewall settings page for the database server opens.

    服务器级别 IP 防火墙规则

  4. 在工具栏上选择“添加客户端 IP”,将当前的 IP 地址添加到新的服务器级 IP 防火墙规则。 Choose Add client IP on the toolbar to add your current IP address to a new server-level IP firewall rule. 服务器级 IP 防火墙规则可以针对单个 IP 地址或一系列 IP 地址打开端口 1433。A server-level IP firewall rule can open port 1433 for a single IP address or a range of IP addresses.

    Important

    默认情况下,所有 Azure 服务都禁止通过 SQL 数据库防火墙进行访问。By default, access through the SQL Database firewall is disabled for all Azure services. 如果要为所有 Azure 服务启用访问权限,请在此页上选择“开” 。Choose ON on this page if you want to enable access for all Azure services.

  5. 选择“保存” 。Select Save. 此时会针对当前的 IP 地址创建服务器级 IP 防火墙规则,在 SQL 数据库服务器上打开端口 1433。A server-level IP firewall rule is created for your current IP address opening port 1433 on the SQL Database server.

  6. 关闭“防火墙设置”页。 Close the Firewall settings page.

使用 SQL Server Management Studio 或所选的其他工具,你现在可以使用之前创建的服务器管理员帐户从此 IP 地址连接到 SQL 数据库服务器及其数据库。Using SQL Server Management Studio or another tool of your choice, you can now connect to the SQL Database server and its databases from this IP address using the server admin account created previously.

清理资源Clean up resources

若要转到后续步骤,以便了解如何使用多种不同的方法连接和查询数据库,请保存这些资源。Save these resources if you want to go to Next steps and learn how to connect and query your database using a number of different methods. 但是,如果希望删除在本快速入门中创建的资源,请执行以下步骤。If, however, you want to delete the resources that you created in this quickstart, use the following steps.

  1. 在 Azure 门户的左侧菜单中,选择“资源组” ,然后选择“myResourceGroup” 。From the left-hand menu in the Azure portal, select Resource groups and then select myResourceGroup.
  2. 在资源组页上选择“删除” ,在文本框中键入 myResourceGroup,然后选择“删除” 。On your resource group page, select Delete, type myResourceGroup in the text box, and then select Delete.

后续步骤Next steps