Azure Application Gateway Preview feature (TCP/TLS Proxy) and Azure SQL
Hello, I was just wondering if anyone has attempted to use the preview feature for Azure Application Gateway to support layer 4 proxying (https://learn.microsoft.com/en-us/azure/application-gateway/tcp-tls-proxy-overview) with an Azure SQL instance as the backend.
I have been trying to get this working with a test Azure SQL instance, but I have been running into errors when attempting to connect using the gateway's IP or A record.
Hopefully someone can shed some light on whether this is truly supported with Azure SQL or if they've gotten it to work.
Azure SQL Database
Azure Application Gateway
-
GitaraniSharma-MSFT 49,591 Reputation points • Microsoft Employee
2024-06-10T12:03:23.1233333+00:00 Hello @Jorge Rodriguez ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you are trying to set up Azure Application Gateway TCP/TLS Proxy with Azure SQL but are getting errors.
As per the documentation,
The backends for the application gateway can be: Azure resources such as IaaS virtual machines, virtual machine scale sets, or PaaS (App Services, Event Hubs, SQL).
So, it should work with Azure SQL.
There is a tutorial showing how to configure this with SQL server Azure VM:
https://learn.microsoft.com/en-us/azure/application-gateway/how-to-tcp-tls-proxy
- Could you please let me know what errors you are receiving in the Application gateway when setting up this feature with Azure SQL?
- Please validate if the preview feature "AllowApplicationGatewayTlsProxy" is registered. Refer: https://learn.microsoft.com/en-us/azure/application-gateway/how-to-tcp-tls-proxy#register-to-the-preview
- Then check the backend health of your Application gateway for the SQL listener and share the status & details here. Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#how-to-check-backend-health
- If you have enabled diagnostic settings for your Application gateway, could you please check the access logs for the error details and share them here for further discussion? Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics
Regards,
Gita
-
GitaraniSharma-MSFT 49,591 Reputation points • Microsoft Employee
2024-06-11T11:37:39.57+00:00 @Jorge Rodriguez , could you please provide an update on this post?
-
GitaraniSharma-MSFT 49,591 Reputation points • Microsoft Employee
2024-06-12T07:51:34.38+00:00 @Jorge Rodriguez , could you please provide an update on this issue?
-
J.R_260 0 Reputation points
2024-06-25T17:05:11.9233333+00:00 @GitaraniSharma-MSFT Apologies, I had a chance to revisit this.
To answer your questions:
- Could you please let me know what errors you are receiving in the Application gateway when setting up this feature with Azure SQL? I don't have any issues configuring the feature.
- Please validate if the preview feature "AllowApplicationGatewayTlsProxy" is registered. Refer: https://learn.microsoft.com/en-us/azure/application-gateway/how-to-tcp-tls-proxy#register-to-the-preview - I have the feature enabled and I can select tcp or tls on my gateway
- Then check the backend health of your Application gateway for the SQL listener and share the status & details here. Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#how-to-check-backend-health - The health probe is showing that the backend is healthy (I've attached an image)
- If you have enabled diagnostic settings for your Application gateway, could you please check the access logs for the error details and share them here for further discussion? Refer: https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics - I've enabled logging, I'm currently capturing those logs to review.
The primary issue seems to be with the redirection from the AppGW to the backend Azure SQL server. I ran the connection troubleshooting tool in the portal and received some errors.
Initial errors when running the connection troubleshooter
I went into the Azure SQL server and modified the virtual network rules to allow the subnet my gateway is deployed into, as well as any other subnets within that same vnet.
This is the error after.
I double-checked and made sure the firewall rule on the SQL server allows my public IP and the public IP of the App GW. I've also made sure that "Allow Azure services and resources to access this server" is enabled. I don't have any NSG or additional FW that could be blocking traffic to the backend server.
Additional image - Backend probe health
-
GitaraniSharma-MSFT 49,591 Reputation points • Microsoft Employee
2024-06-26T13:13:49.2133333+00:00 @Jorge Rodriguez , thank you for the update.
I've enabled logging, I'm currently capturing those logs to review. <---- I will wait for you to review the logs. Do share the logs if you find any errors.
You mentioned that you have been running into errors when attempting to connect using the gateway's IP or A record.
Could you please let me know how you are trying to connect to the SQL server? Are you using SQL Server Management Studio?
And did you configure the below in the SQL server?
- Configure the SQL server to accept SQL authentication
- Created an admin account on the SQL server
Have you selected the SQL connectivity option as Public (internet) to allow connections to SQL Server from machines or services on the internet?
Regards,
Gita
-
J.R_260 0 Reputation points
2024-06-28T21:26:27.0266667+00:00 @GitaraniSharma-MSFT Thank you for your response. I'm using SQL Management Studio to try to connect to the SQL instance.
Yes, SQL Authentication is enabled, and an admin account was created. I can connect just fine if I use "DBservername.database.windows.net".
Yes, I'm allowing external access from the internet to this database, I've also whitelisted any necessary IP addresses.
-
GitaraniSharma-MSFT 49,591 Reputation points • Microsoft Employee
2024-07-03T10:37:50.08+00:00 @Jorge Rodriguez , thank you for the confirmation.
Could you please let me know what errors you are receiving when trying to connect to the SQL server using the Application gateway's IP address?
Also, were you able to get the Application gateway access logs? If yes, could you please let me know the "serverStatus" found in the Application gateway access logs for the SQL requests?
Regards,
Gita