Azure Classroom Series – 29/Oct/2019

Security in Azure VNET

Basic Overview of Security

  • NSGs can be applied at VM level and also at subnet level

What an NSG Consists of and How to Create and Configure an NSG

  • An NSG consists of rules. There are two kinds of rules:
    • Incoming (Inbound, Ingress)
    • Outgoing (Outbound, Egress)
  • Each rule has the following
    • Priority: The priority of the rule. The lower the number, the higher the priority.
    • Source IP Range: IP range of the source of the network packet.
    • Destination IP Range: IP range of the destination.
    • Protocol: TCP, UDP, ICMP ….
    • Source Port: The traffic's source port
    • Destination Port: The traffic's destination port
    • Action: ALLOW or DENY
  • Creation
    • Portal
    • CLI
    • Powershell

How NSG Evaluates Incoming Traffic

  1. Whenever a packet is received, rule evaluation starts with the highest-priority rule (the rule with the lowest Priority number among the rules).
  2. Check whether the rule's Source IP range matches the packet. If not, go to the next-highest-priority rule.
  3. Check whether the Protocol matches. If not, go to the next-highest-priority rule.
  4. Check whether the Destination Port matches. If not, go to the next-highest-priority rule.
  5. Since the rule matches this packet, its Action is executed (ALLOW or DENY).
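
The evaluation order above as a small Python model (an added example, not from the original notes or from Azure). The rule names and addresses are constructed, the model also checks the Destination IP Range listed among the rule fields, and returning DENY when no rule matches is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first
    source: str        # CIDR, e.g. "10.0.0.0/8"
    destination: str   # CIDR
    protocol: str      # "TCP", "UDP", "ICMP" or "*" for any
    dest_port: str     # "22", "8000-8100" or "*" for any
    action: str        # "ALLOW" or "DENY"

def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _matches(rule, src, dst, proto, port):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.source)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.destination)
            and rule.protocol in ("*", proto)
            and _port_matches(rule.dest_port, port))

def evaluate(rules, src, dst, proto, port):
    """Return (action, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _matches(rule, src, dst, proto, port):
            return rule.action, rule.name   # first match wins, evaluation stops
    return "DENY", None  # assumption of this sketch: no match means denied

# Constructed inbound rule set; list order is irrelevant, only priority counts.
INBOUND = [
    Rule("deny-ssh-lab", 200, "10.1.2.0/24", "10.0.1.0/24", "TCP", "22", "DENY"),
    Rule("allow-ssh-corp", 100, "10.0.0.0/8", "10.0.1.0/24", "TCP", "22", "ALLOW"),
    Rule("allow-https", 300, "0.0.0.0/0", "10.0.1.0/24", "TCP", "443", "ALLOW"),
    Rule("deny-all", 4096, "0.0.0.0/0", "0.0.0.0/0", "*", "*", "DENY"),
]

if __name__ == "__main__":
    print(evaluate(INBOUND, "10.1.2.7", "10.0.1.4", "TCP", 22))     # lab host, SSH
    print(evaluate(INBOUND, "203.0.113.9", "10.0.1.4", "TCP", 443)) # internet, HTTPS
    print(evaluate(INBOUND, "203.0.113.9", "10.0.1.4", "TCP", 22))  # internet, SSH
```

The first call shows the lab subnet still reaching SSH: the broader allow at priority 100 matches first, so the deny at priority 200 is never evaluated. Giving the deny a lower number than the allow is what makes it take effect.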

Attaching NSGs to Subnets and VMs

todo: Add necessary links

Application Security Groups

  • Creating an Application Security Group.
