Windows Azure SQL Database firewall prevents access to your SQL Database server to help protect your data. You can specify firewall rules to control access to your SQL database server by specifying ranges of acceptable IP addresses. However, these firewall rules were defined at the server level, and enabled clients to access your entire SQL Database server, that is, all the databases within the same logical server. What if you wanted to control access to particular databases (containing secure information) within your SQL Database server; you could not do so earlier.
Well, now you can do so; introducing database-level firewall rules in Windows Azure SQL Database! In addition to the server-level firewall rules, you can now define firewall rules for each database in your SQL Database server to restrict access to selective clients. To do so, you must create a database-level firewall rule for the required database with an IP address range that is beyond the IP address range specified in the server-level firewall rule, and ensure that the IP address of the client falls in the range specified in the database-level firewall rule.
This is how the connection attempt from a client passes through the firewall rules in Windows Azure SQL Database:
For detailed information, see Windows Azure SQL Database Firewall.