Hi @sakuraime ,
Thanks for using Microsoft Q&A !!
When a VNET (technically, a subnet) which has Service Endpoint enabled for Azure.Sql is added to the list of subnets allowed to connect to SQL, it is, as such, mutually exclusive from the list of firewall rules which exist for public connections.
Basically, to allowlist all traffic from a subnet to SQL DB, it's a two-step process, i.e.:
- Enable Service Endpoints on the subnet with Microsoft.Sql
- On the SQL Database --> Firewalls, add a new Vnet firewall rule referencing that Vnet and Subnet.
And such VNET firewall rules can be enumerated via API and CLI as well. PowerShell example:
Please let me know if you have any other questions.
Thanks
Saurabh
----------
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
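
The two steps and the enumeration described in the answer above, as an added PowerShell sketch that is not part of the original answer. It assumes the Az.Network and Az.Sql modules and a signed-in session; every resource name is a hypothetical placeholder.

```powershell
# Added example. All resource names below are hypothetical placeholders.
$rg         = 'rg-example'
$vnetName   = 'vnet-example'
$subnetName = 'snet-app'
$sqlServer  = 'sql-example'       # logical server name, without the DNS suffix
$ruleName   = 'allow-snet-app'

# Step 1 check: the subnet must carry the Microsoft.Sql service endpoint.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
$hasSqlEndpoint = @($subnet.ServiceEndpoints |
    Where-Object { $_.Service -eq 'Microsoft.Sql' }).Count -gt 0
if (-not $hasSqlEndpoint) {
    throw "Subnet '$subnetName' has no Microsoft.Sql service endpoint; enable it before adding the rule."
}

# Step 2: add the VNet firewall rule unless one already references this subnet.
$existing = Get-AzSqlServerVirtualNetworkRule -ResourceGroupName $rg -ServerName $sqlServer |
    Where-Object { $_.VirtualNetworkSubnetId -eq $subnet.Id }
if (-not $existing) {
    New-AzSqlServerVirtualNetworkRule -ResourceGroupName $rg -ServerName $sqlServer `
        -VirtualNetworkRuleName $ruleName -VirtualNetworkSubnetId $subnet.Id | Out-Null
}

# Enumerate both allow lists; VNet rules and IP firewall rules are listed separately.
'VNet rules:'
Get-AzSqlServerVirtualNetworkRule -ResourceGroupName $rg -ServerName $sqlServer |
    Select-Object VirtualNetworkRuleName, State, VirtualNetworkSubnetId |
    Format-Table -AutoSize

'IP firewall rules:'
Get-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $sqlServer |
    Select-Object FirewallRuleName, StartIpAddress, EndIpAddress |
    Format-Table -AutoSize
```

Reviewing both lists together shows which access paths to the server are open: subnets admitted through the service endpoint, and public IP ranges admitted through the firewall.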