Block ping and telnet Azure SQL database

Julian Steven Lavayen Gómez 0 Reputation points
2024-12-26T18:58:43.73+00:00

You can block ping and telnet from public networks to an Azure SQL database, considering that I already have a private link configured?

Azure SQL Database
{count} votes

3 answers

Sort by: Most helpful
  1. Marcin Policht 31,400 Reputation points MVP
    2024-12-26T19:18:20.54+00:00

    Azure SQL Database blocks all inbound connections by default - so unless you explicitly allowed connections, there is no additional configuration required

    More at https://learn.microsoft.com/en-us/azure/azure-sql/database/network-access-controls-overview?view=azuresql


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments No comments

  2. Alberto Morillo 34,436 Reputation points MVP
    2024-12-26T19:28:05.27+00:00

    A ping command will always fail to Azure SQL from a public network as shown below:

    C:\>ping <myserver>.database.windows.net
    
    Pinging data.sn1-1.database.windows.net [65.55.74.144] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 65.55.74.144:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
    
    
    

    To block public access (including Telnet), you can set "Deny public network access" to "Yes" on the Firewall and virtual networks pane on the Azure portal. See detailed instructions here. In addition , remove any public IP addresses from the allowed list if they are not necessary.


  3. TP 101.8K Reputation points
    2024-12-26T20:25:24.81+00:00

    Hi Julian,

    No, you cannot block incoming telnet/ping to Azure SQL Database from public networks. The reason for this is the public IP for your Azure SQL logical Server serves multiple tenants.

    When you telnet to the public IP on port 1433 you are actually connecting to a Azure SQL Gateway. It (the Gateway) does not have enough information at that point to determine whether or not the connection should be blocked.

    Please see article below for more information:

    Connectivity architecture

    https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture?view=azuresql#connectivity-architecture

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.