
Lesson Learned #285: Why can I still telnet to port 1433?



Guest Jose_Manuel_Jurado
Posted

Some days ago, we received a question from a customer who has a firewall rule on their Azure SQL Server that allows access only from selected networks. They found that they can still use telnet to connect to servername.database.windows.net on port 1433 from other locations that are not allowed in their firewall. I would like to explain why.

Basically, this is explained in the article "Azure SQL Database gateway IP addresses". An Azure SQL Database server is an abstraction, a logical container that defines a grouping of databases. It does not represent a SQL Server instance listening on a public address; it represents a single connection endpoint for all the databases.

For example, if you ping a server's FQDN, such as servername.database.windows.net, you get the public gateway IP. If you ping any other SQL DB server in the same region, you would get one of the other possible IPs for the gateway in that Azure region.

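These IPs are shared by all the SQL DB servers in the same region. The gateway receives all incoming connections and redirects them to the SQL instance running the requested database in the right database cluster. This is why telnet to port 1433 succeeds from locations that your firewall does not allow: the TCP connection is opened against the shared gateway, not against a SQL Server instance of your own.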

Enjoy!
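
The behaviour described in the post, as an added example that is not part of the original post or any Microsoft code: a toy gateway (a made-up one-line protocol, not TDS) accepts every TCP connection on one shared port and applies per-server rules only after the client names a logical server. The server names, rule ranges, function names and the point at which the rule is checked are assumptions of this model.

```python
import ipaddress
import socket
import socketserver
import threading

# Constructed firewall rules for two hypothetical logical servers.
FIREWALL_RULES = {
    "locked-down": ["203.0.113.0/24"],  # loopback client is not allowed
    "open-to-lab": ["127.0.0.0/8"],     # loopback client is allowed
}

class GatewayHandler(socketserver.StreamRequestHandler):
    # One shared listener fronts every logical server (toy protocol, not TDS).
    def handle(self):
        # TCP is already established; only now is the target server known.
        server_name = self.rfile.readline().decode().strip()
        if not server_name:
            return  # client only opened the port, as telnet does
        client_ip = ipaddress.ip_address(self.client_address[0])
        rules = FIREWALL_RULES.get(server_name, [])
        allowed = any(client_ip in ipaddress.ip_network(r) for r in rules)
        self.wfile.write(b"LOGIN OK\n" if allowed else b"DENIED BY FIREWALL\n")

def start_gateway():
    """Start the toy gateway on an ephemeral loopback port."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), GatewayHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def telnet_style_probe(port):
    """What telnet checks: does the TCP connection open? Nothing more."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            return True
    except OSError:
        return False

def login_probe(port, server_name):
    """Connect and name a logical server, as a login attempt would."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(server_name.encode() + b"\n")
        return s.makefile().readline().strip()

if __name__ == "__main__":
    gateway, port = start_gateway()
    print("TCP connect:", telnet_style_probe(port))
    for name in FIREWALL_RULES:
        print(name, "->", login_probe(port, name))
```

An open port on the shared endpoint therefore says nothing about whether a given server's firewall rule would admit the client; only a login attempt that names the server exercises the rule.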

 
