VA2065 - Server Level Firewall Rules

David Sweeting 6 Reputation points
2022-09-15T10:06:02.577+00:00

Having just received the latest vulnerability scan, we have (under findings) seen the VA2065 error which, if I am understanding it correctly, is saying you should have server-level firewall rules. The odd part is we do indeed have server-level firewall rules for the affected DBs.

Has anyone else come across this, and what was the workaround? Any advice would be greatly received.

Best Wishes

David

Azure SQL Database

1 answer

  1. GeethaThatipatri-MSFT 29,377 Reputation points Microsoft Employee
    2022-09-19T19:37:33.18+00:00

    Hi @David Sweeting, the rule’s title is “Server-level firewall rules should be tracked and maintained at a strict minimum”.
    It means you should keep the list of firewall rules to a bare minimum, only the ones you must have for a functioning environment.
    It just gives you the ability to track any changes to your firewall rules.
    Then in SQL VA, you set them as a baseline and track changes.

    From that point on, the rule will be in a healthy state unless a change is made to the firewall rules.

    Please let me know if you need any additional information.
    Regards
    Geetha
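
The review the answer describes can also be done by hand before approving a baseline. The query below is an added example, not part of the original answer and not the query VA2065 itself runs: it compares the rules in `sys.firewall_rules` with an approved list and flags ranges worth a second look. The baseline rows are constructed sample values, the 256-address threshold is an assumption, and only IPv4 rules are handled.

```sql
-- Added example. Run in the master database of the Azure SQL logical server.
WITH baseline AS (   -- constructed sample values: replace with your approved rules
    SELECT * FROM (VALUES
        (N'office-egress', '203.0.113.10', '203.0.113.10'),
        (N'build-agents',  '198.51.100.0', '198.51.100.15')
    ) AS v (name, start_ip_address, end_ip_address)
),
current_rules AS (
    SELECT r.name, r.start_ip_address, r.end_ip_address, r.modify_date,
           e.n - s.n + 1 AS address_count          -- size of the allowed range
    FROM sys.firewall_rules AS r
    -- PARSENAME splits the dotted quad; part 4 is the first octet
    CROSS APPLY (SELECT CAST(PARSENAME(r.start_ip_address, 4) AS bigint) * 16777216
                      + CAST(PARSENAME(r.start_ip_address, 3) AS bigint) * 65536
                      + CAST(PARSENAME(r.start_ip_address, 2) AS bigint) * 256
                      + CAST(PARSENAME(r.start_ip_address, 1) AS bigint) AS n) AS s
    CROSS APPLY (SELECT CAST(PARSENAME(r.end_ip_address, 4) AS bigint) * 16777216
                      + CAST(PARSENAME(r.end_ip_address, 3) AS bigint) * 65536
                      + CAST(PARSENAME(r.end_ip_address, 2) AS bigint) * 256
                      + CAST(PARSENAME(r.end_ip_address, 1) AS bigint) AS n) AS e
)
SELECT COALESCE(c.name, b.name) AS rule_name,
       c.start_ip_address, c.end_ip_address, c.address_count, c.modify_date,
       CASE
           WHEN b.name IS NULL THEN 'NOT IN BASELINE'      -- rule added since approval
           WHEN c.name IS NULL THEN 'MISSING FROM SERVER'  -- approved rule was removed
           WHEN c.start_ip_address <> b.start_ip_address
             OR c.end_ip_address   <> b.end_ip_address THEN 'RANGE CHANGED'
           ELSE 'MATCHES BASELINE'
       END AS baseline_status,
       CASE
           -- 0.0.0.0 to 0.0.0.0 is how the "Allow Azure services" setting is stored
           WHEN c.start_ip_address = '0.0.0.0'
            AND c.end_ip_address   = '0.0.0.0' THEN 'allows all Azure services'
           WHEN c.address_count > 256 THEN 'wide range (threshold is an assumption)'
           ELSE ''
       END AS review_note
FROM current_rules AS c
FULL OUTER JOIN baseline AS b ON b.name = c.name
ORDER BY baseline_status, rule_name;
```

Any row that is not `MATCHES BASELINE` is the kind of change that would take VA2065 out of its healthy state once a baseline has been set.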

