ZPA Connector for Azure SQL Database

Hello Zscaler Community,

Has anyone been able to get an Azure SQL Database connection working via Zscaler App Connector? I can see my traffic hitting ZPA, but when connecting to the Azure database it's using my home public IP address vs. the App Connector public IP address.

Yes, we have it working. Make sure the connector has a good network path with proper ports to reach the SQL instance. If the connector is also in Azure, the Azure SQL DB connection will detect this and change its connection method to use a different host & protocol (from tcp/1433 to a range as I recall). That is most likely your issue. The host being connected to will dynamically change from SQLHOST.database.windows.net to [hostid].worker.database.windows.net. You may want to add *.worker.database.windows.net to the app segment if you want all your Azure SQL DBs to go through ZPA.

Azure SQL Database connectivity architecture - Azure SQL Database and Azure Synapse Analytics | Microsoft Learn

Joe, you are a godsend. I have been banging my head against the wall trying to resolve this issue, with no idea how to resolve it. I tested your solution by adding the wildcard *.worker.database.windows.net and it's working now. I am not an Azure database expert, but can you elaborate on [hostid].worker.database.windows.net? What would be the hostid? Is that the database name?

I am not an Azure SQL expert either. I’m probably not using the proper term but what I referred to as the hostid was a cryptic name that the SQL client is dynamically redirected to after initially connecting to the SQL FQDN. I assume it’s the name of a specific Azure SQL cluster or node. We were able to see it when doing a network trace but I don’t know what the actual name represents nor how static the resulting name is (load balancing may be involved). Because of this, we went the route of adding the wildcard (*.worker.database.windows.net) to make it work.

1 Like
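An added example, not from the thread or from Zscaler: a small check of which connections seen in a client-side trace are covered by a set of app segment entries, showing why the redirected worker host needs both the wildcard domain and its ports. The `Segment` model, the wildcard matching rule, the sample host names and the segment names are assumptions; the 11000-11999 redirect port range comes from Microsoft's Azure SQL connectivity architecture documentation, not from the posts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    # Hypothetical stand-in for an app segment: domain entries plus inclusive TCP port ranges.
    name: str
    domains: tuple
    tcp_ports: tuple

def domain_matches(entry, fqdn):
    entry, fqdn = entry.lower().rstrip("."), fqdn.lower().rstrip(".")
    if entry.startswith("*."):
        suffix = entry[1:]  # e.g. ".worker.database.windows.net"
        # Assumption: a wildcard covers names below the suffix, not the bare suffix.
        return fqdn.endswith(suffix) and len(fqdn) > len(suffix)
    return fqdn == entry

def covering_segment(segments, fqdn, port):
    """Return the name of the first segment covering fqdn:port, else None."""
    for seg in segments:
        if any(domain_matches(d, fqdn) for d in seg.domains) and any(
            lo <= port <= hi for lo, hi in seg.tcp_ports
        ):
            return seg.name
    return None

def uncovered_flows(segments, flows):
    """Flows that no segment covers, so they are not carried through ZPA."""
    return [(f, p) for f, p in flows if covering_segment(segments, f, p) is None]

# Constructed sample: what a client-side trace might show after the redirect.
WORKER = "node01.tr1.region1-a.worker.database.windows.net"  # constructed name
SAMPLE_FLOWS = [("SQLHOST.database.windows.net", 1433), (WORKER, 11042)]

GATEWAY_ONLY = [Segment("azure-sql", ("SQLHOST.database.windows.net",), ((1433, 1433),))]
WILDCARD_1433 = GATEWAY_ONLY + [
    Segment("azure-sql-workers", ("*.worker.database.windows.net",), ((1433, 1433),))
]
WILDCARD_REDIRECT = GATEWAY_ONLY + [
    Segment("azure-sql-workers", ("*.worker.database.windows.net",), ((11000, 11999),))
]

if __name__ == "__main__":
    for label, segs in [("gateway only", GATEWAY_ONLY),
                        ("wildcard, 1433 only", WILDCARD_1433),
                        ("wildcard + redirect ports", WILDCARD_REDIRECT)]:
        print(label, "->", uncovered_flows(segs, SAMPLE_FLOWS))
```
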

Thanks for the update. I found this article that explains how to find worker.database.windows.net.

Hi Joe

Apologies for bugging you, but does your Azure SQL server have a private IP address, or are you using the public server name to connect to the databases?

I think it may have changed but at the time we implemented this, we were using the public interfaces / IPs.
