This post has been republished via RSS; it originally appeared at: Azure Database Support Blog articles.
In the latest days, we received a lot of questions about the new options that we have using Azure SQL Database Firewall and Private Link.
Following I would like to share with you my experiences using "Deny Public Network Access", "Allow Azure Services" and Private Link.
As you could see in the next table, depending on the values of these features, we will have the following behaviours.
| Deny Public Network Access | Allow Azure Services | How to connect? |
| Yes | Yes | Inside/outside Azure will be not possible. You need to use Private Link. |
| Yes | No | Inside/outside Azure will be not possible. You need to use Private Link. |
| No | Yes |
Machines/Services running in Azure Environment will be able to connect. For Azure outside connections you need to specify the public IP. |
| No | No | You need to specify the public IP to be able to connect. |
In summary, pay attention about the value of "Deny Public Network Access" because if this value is YES the connection outside and inside Azure will be affected.
Also, remember that when you create a Private Link this endpoint is a private endpoint within a specific VNet and Subnet. If you try to connect outside this VNet and Subnet the connection will be using the public endpoint.
Enjoy!