Today, I worked on a service request that our customer got the following error message: Cannot open server 'servername' requested by the login. Client with IP address 'XXX.XXX.XXX.XXX' is not allowed to access the server. To enable access, use the Windows Azure Management Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range. It may take up to five minutes for this change to take effect.
Sometimes, depending on how the cache works or when the update about the firewall rules have been done, it is important to run the command DBCC FLUSHAUTHCACHE to empties the database authentication cache containing information about logins and firewall rules, for the current user database in SQL Database. The user executing the statement and other currently connected users remain connected.
Enjoy!