Azure Network Security Group
- Let's create an NSG for the VM
- Create a resource group
- Create a VNet
- While creating a VM in the web subnet, let's attach an NSG that allows public internet communication only on port 80
- Inbound port rules indirectly create an NSG; we will not be using that
- If you select just HTTP our goal will be achieved, but we will be creating an NSG
- Navigate to the Networking tab
- Let's experiment with the public IP from our laptops
- ping the public IP: this will fail as ICMP protocol traffic is not opened in the NSG
- Let's log in to the machine using the SSH protocol; it should work
- Now let's install the Apache server and browse to the public IP: http://<publicip>
- Now let's install the Tomcat server, which runs on port 8080, and try to browse using the public IP: http://<publicip>:8080
sudo apt-get install tomcat8 -y
- Let's try to create an NSG for the business subnet, which should not allow any traffic from the internet.
- Even if you don't write any rules, the default rules match this behavior.
- Now let's attach this NSG to the business and db subnets
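The results seen in the steps above follow from how an NSG picks a rule: custom and default inbound rules are checked in priority order (lowest number first) and the first match decides. The following is an added example, not part of the original notes, that models this in simplified form (service tags instead of address ranges, single ports only); the custom rule names, their priorities and the presence of an SSH rule on the web NSG are assumptions.

```python
# Added example: simplified model of NSG inbound rule evaluation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # service tag such as "Internet", or "*" for any
    protocol: str   # "Tcp", "Udp", "Icmp" or "*"
    port: str       # single destination port, or "*" for any
    access: str     # "Allow" or "Deny"

# Default inbound rules that Azure adds to every NSG.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny"),
]

def evaluate(custom_rules, source, protocol, port=None):
    """Return (access, rule name) for the first matching rule by priority.

    port=None is used for ICMP, which has no port; only "*" port rules match it.
    """
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (rule.source in ("*", source)
                and rule.protocol in ("*", protocol)
                and rule.port in ("*", str(port))):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# Constructed rule sets (names and priorities are assumptions for this example).
WEB_NSG = [
    Rule("allow-http", 300, "Internet", "Tcp", "80", "Allow"),
    Rule("allow-ssh", 310, "Internet", "Tcp", "22", "Allow"),
]
BUSINESS_NSG = []  # no custom rules: only the defaults apply

def lab_results():
    """Evaluate the traffic tried in the lab against both NSGs."""
    return {
        "web: http from internet": evaluate(WEB_NSG, "Internet", "Tcp", 80),
        "web: ssh from internet": evaluate(WEB_NSG, "Internet", "Tcp", 22),
        "web: ping from internet": evaluate(WEB_NSG, "Internet", "Icmp"),
        "web: 8080 from internet": evaluate(WEB_NSG, "Internet", "Tcp", 8080),
        "business: http from internet": evaluate(BUSINESS_NSG, "Internet", "Tcp", 80),
        "business: 8080 from vnet": evaluate(BUSINESS_NSG, "VirtualNetwork", "Tcp", 8080),
    }

if __name__ == "__main__":
    for traffic, (access, rule) in lab_results().items():
        print(f"{traffic:30} -> {access} ({rule})")
```

With these assumed rules, traffic to port 8080 is denied until a matching allow rule is added, and the empty business NSG still permits traffic from inside the VNet.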
Exercise
- Create two VNets in two different regions with subnets
  - Web
  - Business
  - db
  - Management
  - AD
- Remember IP ranges should not collide
- Ensure subnet NSGs are in place
