Commit 2f153c2

Nik's suggestions
1 parent b5a9664 commit 2f153c2

2 files changed

+8
-14
lines changed

articles/postgresql/howto-hyperscale-manage-firewall-using-portal.md

Lines changed: 8 additions & 14 deletions
@@ -12,15 +12,15 @@ Server-level firewall rules can be used to manage access to a Hyperscale (Citus)
1212

1313
## Prerequisites
1414
To step through this how-to guide, you need:
15-
- A server [Create an Azure Database for PostgreSQL](quickstart-create-hyperscale-portal.md)
15+
- A server group [Create an Azure Database for PostgreSQL – Hyperscale (Citus) server group](quickstart-create-hyperscale-portal.md).
1616

1717
## Create a server-level firewall rule in the Azure portal
1818

1919
> [!NOTE]
20-
> These settings are also accessible during the creation of a Azure Database for PostgreSQL - Hyperscale (Citus) server group. Under the **Networking** tab, click **Public endpoint**.
20+
> These settings are also accessible during the creation of an Azure Database for PostgreSQL - Hyperscale (Citus) server group. Under the **Networking** tab, click **Public endpoint**.
2121
> ![Azure portal - networking tab](./media/howto-hyperscale-manage-firewall-using-portal/0-create-public-access.png)
2222
23-
1. On the PostgreSQL server page, under Security heading, click **Networking** to open the Firewall rules page for the Azure Database for PostgreSQL.
23+
1. On the PostgreSQL server group page, under the Security heading, click **Networking** to open the Firewall rules.
2424

2525
![Azure portal - click Networking](./media/howto-hyperscale-manage-firewall-using-portal/1-connection-security.png)
2626
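Review bot: The product name is spelled two ways within this hunk: the new prerequisite bullet (line 15) uses an en dash, "Azure Database for PostgreSQL – Hyperscale (Citus)", while the NOTE at line 20 uses a hyphen, "Azure Database for PostgreSQL - Hyperscale (Citus)". Pick one form so the name is consistent and searchable. The same bullet runs "A server group" straight into the link text with no separator; something like "A server group. To create one, see [Create an Azure Database for PostgreSQL - Hyperscale (Citus) server group](...)" reads better. In step 1 (line 23), "to open the Firewall rules" lost its noun when the rest of the sentence was trimmed; "to open the Firewall rules page" would be complete.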

@@ -31,26 +31,20 @@ To step through this how-to guide, you need:
3131
Alternately, clicking **+Add 0.0.0.0 - 255.255.255.255** (to the right of option B) allows not just your IP, but the whole internet to access the coordinator node's port 5432. In this situation, clients still must login with the correct username and password to use the cluster. Nevertheless, we recommend allowing worldwide access for only short periods of time and for only non-production databases.
3232

3333
3. Verify your IP address before saving the configuration. In some situations, the IP address observed by Azure portal differs from the IP address used when accessing the internet and Azure servers. Therefore, you may need to change the Start IP and End IP to make the rule function as expected.
34-
Use a search engine or other online tool to check your own IP address. You can also query OpenDNS:
34+
Use a search engine or other online tool to check your own IP address. For example, search for "what is my IP."
3535

36-
```bash
37-
# Windows
38-
C:\> nslookup myip.opendns.com. resolver1.opendns.com
36+
![Bing search for What is my IP](./media/howto-hyperscale-manage-firewall-using-portal/3-what-is-my-ip.png)
3937

40-
# Unix
41-
$ dig +short myip.opendns.com @resolver1.opendns.com
42-
```
43-
44-
4. Add additional address ranges. In the firewall rules for the Azure Database for PostgreSQL, you can specify a single IP address, or a range of addresses. If you want to limit the rule to a single IP address, type the same address in the field for Start IP and End IP. Opening the firewall enables administrators, users, and applications to access any database on the PostgreSQL server to which they have valid credentials.
38+
4. Add additional address ranges. In the firewall rules, you can specify a single IP address or a range of addresses. If you want to limit the rule to a single IP address, type the same address in the field for Start IP and End IP. Opening the firewall enables administrators, users, and applications to access the coordinator node on port 5432.
4539

4640
5. Click **Save** on the toolbar to save this server-level firewall rule. Wait for the confirmation that the update to the firewall rules was successful.
4741

4842
## Connecting from Azure
49-
To allow applications from Azure to connect to your Azure Database for PostgreSQL server, Azure connections must be enabled. For example, to host an Azure Web Apps application, or an application that runs in an Azure VM, or to connect from an Azure Data Factory data management gateway. The resources do not need to be in the same Virtual Network (VNet) or Resource Group for the firewall rule to enable those connections. When an application from Azure attempts to connect to your database server, the firewall verifies that Azure connections are allowed. There are a couple of methods to enable these types of connections. A firewall setting with starting and ending address equal to 0.0.0.0 indicates these connections are allowed. Alternatively, you can set the **Allow Azure services and resources to access this server group** option to **Yes** in the portal from the **Networking** pane and hit **Save**. If the connection attempt is not allowed, the request does not reach the Azure Database for PostgreSQL server.
43+
44+
There is an easy way to grant Hyperscale database access to applications hosted on Azure (such as an Azure Web Apps application, or those running in an Azure VM). Simply set the **Allow Azure services and resources to access this server group** option to **Yes** in the portal from the **Networking** pane and hit **Save**.
5045

5146
> [!IMPORTANT]
5247
> This option configures the firewall to allow all connections from Azure including connections from the subscriptions of other customers. When selecting this option, make sure your login and user permissions limit access to only authorized users.
53-
>
5448
5549
## Manage existing server-level firewall rules through the Azure portal
5650
Repeat the steps to manage the firewall rules.
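Review bot: Step 4 (new line 38) now ends with "Opening the firewall enables administrators, users, and applications to access the coordinator node on port 5432", which drops the old qualifier "to which they have valid credentials" and reads as if a firewall rule alone grants access. The context line at 31 already says clients "still must login with the correct username and password", so keep that qualifier here as well, for example "... to reach the coordinator node on port 5432, where they still need valid credentials". In the "Connecting from Azure" rewrite (new line 44), the removed sentence explaining that a rule with start and end address 0.0.0.0 indicates Azure connections are allowed has no replacement; if such a rule can still show up in the list, keep a one-line explanation so someone auditing the rules can recognize it. "There is an easy way" and "Simply" also undersell a setting that the IMPORTANT note directly below describes as allowing connections from other customers' subscriptions; neutral wording would fit that note better.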