1

I have successfully configured a SQL 2008 VM in Azure, added an endpoint which maps through to port 1433 and set up a Windows Firewall rule for inbound traffic to connect to SQL Server.

The next setting I wanted to apply was to limit the remote IP addresses which can access the SQL server. Windows Azure endpoints configured in the portal do not allow IP restriction, so I went to Windows Firewall advanced settings, inbound rules and added the IP address of my office in the scope setting (remote IP address) of the Firewall rule. Applying these IP addresses resulted in access being denied from both locations (generic server does not exist/unavailable message). I checked and re-checked and I have the correct IP addresses in scope. I remove the IP scope settings and I can connect again.

Any ideas on why the firewall/SQL server would not be able to apply the Remote IP address scope setting correctly?

Gavin Sinai

2 Answers

1

Setting IP ACLs on endpoints is currently supported only via PowerShell, not through the portal. If you look at Michael Washam's blog post about this, you can see all the details. In essence, you'll do something like this:

$acl = New-AzureAclConfig

Set-AzureAclConfig -AddRule Permit -RemoteSubnet "w.x.y.z/24" -Order 1 -ACL $acl -Description "..."

Get-AzureVM -ServiceName myservice -Name myvm | 
    Set-AzureEndpoint -Name myport -Protocol tcp -PublicPort xxx -LocalPort yyy -ACL $acl | 
    Update-AzureVM

Note: You may get an error when attempting to set the ACL. I've seen this happen with some of my older services, so I suspect that there have been some internal updates to support ACLs that don't exist for older deployments. Easily fixed with a remove and re-add of the endpoint needing ACL.

David Makogon
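
The procedure from the answer above, including the remove-and-re-add fallback it mentions, as an added example that is not part of the original answer. The service, VM and endpoint names and the 203.0.113.10/32 address are placeholders (assumptions); the cmdlets are those of the classic Azure Service Management PowerShell module that the answer uses.

```powershell
# Added example. All names and addresses below are placeholders, not values from the post.
$ServiceName  = 'myservice'         # cloud service hosting the VM (hypothetical)
$VMName       = 'myvm'              # VM name (hypothetical)
$EndpointName = 'SQL'               # endpoint name as shown in the portal (hypothetical)
$PublicPort   = 1433
$LocalPort    = 1433
$OfficeSubnet = '203.0.113.10/32'   # constructed documentation address; use the office's public IP

# Build an ACL holding one permit rule. Once an endpoint ACL contains permit
# rules, traffic from every source not matched by a rule is dropped at the endpoint.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule Permit -RemoteSubnet $OfficeSubnet -Order 1 `
    -ACL $acl -Description 'Office to SQL Server' | Out-Null

try {
    # Normal path: attach the ACL to the existing endpoint.
    Get-AzureVM -ServiceName $ServiceName -Name $VMName |
        Set-AzureEndpoint -Name $EndpointName -Protocol tcp -PublicPort $PublicPort `
            -LocalPort $LocalPort -ACL $acl -ErrorAction Stop |
        Update-AzureVM -ErrorAction Stop
}
catch {
    # Fallback from the answer's note: remove the endpoint, then re-add it with the ACL.
    # The port is closed between the two updates, so the endpoint is never open without the ACL.
    Write-Warning "Setting the ACL failed ($($_.Exception.Message)); re-creating the endpoint."
    Get-AzureVM -ServiceName $ServiceName -Name $VMName |
        Remove-AzureEndpoint -Name $EndpointName |
        Update-AzureVM -ErrorAction Stop
    Get-AzureVM -ServiceName $ServiceName -Name $VMName |
        Add-AzureEndpoint -Name $EndpointName -Protocol tcp -PublicPort $PublicPort `
            -LocalPort $LocalPort -ACL $acl |
        Update-AzureVM -ErrorAction Stop
}

# Read the ACL back from the deployed endpoint to confirm which rules are enforced.
Get-AzureVM -ServiceName $ServiceName -Name $VMName |
    Get-AzureAclConfig -EndpointName $EndpointName
```
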
0

Check this forum post for the current behavior of the management portal when creating endpoints: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/8f697f17-72b7-46f7-8c97-398b91190a2f/server-2012-vm-on-azure-passive-ftp-wont-work#aa5d9cdd-41a2-4ac7-87f0-c694f6a9af1a.

  • 1
    Link-only answers are not great. The link can fail or be removed. Adding some of the detail from the link would make this a better answer. – Dave M Aug 08 '13 at 12:58