SQL Azure Edge: SQL Azure Firewall

To help protect your data by default, all access to your SQL Azure server is blocked by the SQL Azure firewall; connection attempts originating from the Internet or Windows Azure will not be able to reach your SQL Azure server. In order to begin using your SQL Azure server, you must go to the SQL Azure portal and specify one or more firewall settings that enable access to your SQL Azure server. Use the firewall settings to specify which IP address ranges from the Internet are allowed, and whether or not Windows Azure applications can attempt to connect to your SQL Azure server.
Connection attempts from the Internet and Windows Azure must first pass through the SQL Azure firewall before they can reach your SQL Azure server, as shown in the following diagram.

Connecting from the Internet

When a computer attempts to connect to your SQL Azure server from the Internet, the SQL Azure firewall checks the originating IP address of the request against the full set of firewall settings. If the IP address of the request is not within one of the ranges specified, the connection attempt is blocked and does not reach the SQL Azure server.

Connecting from Windows Azure
When an application from Windows Azure attempts to connect to your SQL Azure server, the SQL Azure firewall looks for a specific firewall setting that indicates whether Windows Azure connections are allowed.
A firewall setting with starting and ending address equal to 0.0.0.0 indicates that Windows Azure connections are allowed. If the connection attempt is not allowed, the request does not reach the SQL Azure server.

Creating the First Firewall Rule
In order to connect to your SQL Azure server for the first time, the first firewall setting must be specified using the SQL Azure portal. To begin configuring the firewall, on the SQL Azure portal, click the Firewall Settings tab on the Server Information page.