Generally, an on-premises SQL Server or SQL Server on Azure has a fixed private IP address, based on the number of NICs installed/configured or assigned to the machine.
But in the case of Azure SQL Database/Managed Instance, we do not have a fixed private IP; rather, we have a subnet range.
Recently, while working on Azure SQL Managed Instance, at one place there was a requirement to get the SQL IP added to the firewall. That is what prompted me to write this post.
When disabling the public IP for an Azure SQL Managed Instance, it will continue to function using its private IP address. The private IP is assigned during the creation of the Managed Instance and falls within the specified IP subnet range.
To ensure proper functionality, it is recommended to create an exception for the entire subnet rather than a single IP address for the Managed Instance. This is because the Managed Instance may be restarted or relocated to a different host during Azure maintenance processes. If an exception is only created for a single IP address and that address changes, the firewall rule will no longer be effective and requires updating. However, if the exception covers the entire subnet, there is no need to update the firewall rule when the IP address of the Managed Instance changes. Additionally, creating a subnet exception allows other resources within the same subnet to communicate with the Managed Instance, which may be necessary for certain applications.
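The check below is an added example, not part of the original post: it audits firewall allow rules against a Managed Instance subnet and reports whether access would survive the instance moving to another address in that subnet. The subnet `10.0.1.0/27`, the rule names and the rule CIDRs are constructed sample values.

```python
import ipaddress

# Constructed sample data: the subnet delegated to the Managed Instance
# and the allow rules currently configured on the firewall in front of it.
MI_SUBNET = "10.0.1.0/27"
RULES = {
    "mi-single-ip": "10.0.1.4/32",    # exception for today's private IP only
    "mi-subnet": "10.0.1.0/27",       # exception for the whole MI subnet
    "whole-vnet": "10.0.0.0/16",      # wider than the MI subnet
    "unrelated": "192.168.5.0/24",
}

def classify_rule(mi_subnet, rule_cidr):
    """Return how one allow rule relates to the Managed Instance subnet."""
    subnet = ipaddress.ip_network(mi_subnet)
    rule = ipaddress.ip_network(rule_cidr, strict=False)
    if rule.version != subnet.version:
        return "no-overlap"
    if rule == subnet:
        return "covers-subnet"          # stays valid when the IP changes
    if subnet.subnet_of(rule):
        return "broader-than-subnet"    # stays valid, but admits more hosts
    if rule.subnet_of(subnet):
        return "partial"                # breaks if the IP moves outside it
    return "no-overlap"

def survives_ip_change(mi_subnet, rule_cidrs):
    """True if the rules together cover every address in the MI subnet."""
    subnet = ipaddress.ip_network(mi_subnet)
    nets = [ipaddress.ip_network(c, strict=False) for c in rule_cidrs]
    nets = [n for n in nets if n.version == subnet.version]
    # Merge adjacent/overlapping rules so two /28s count as one /27.
    merged = ipaddress.collapse_addresses(nets)
    return any(subnet.subnet_of(m) for m in merged)

if __name__ == "__main__":
    for name, cidr in RULES.items():
        print(f"{name:14} {cidr:18} {classify_rule(MI_SUBNET, cidr)}")
    print("single-IP rule alone survives a move:",
          survives_ip_change(MI_SUBNET, [RULES["mi-single-ip"]]))
```

A `broader-than-subnet` result keeps connectivity after an IP change but also admits addresses outside the Managed Instance subnet, so it is worth reviewing separately.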