Azure Classroom Series – 06/Nov/2020

Network Security Groups (NSGs)

  • An NSG contains a set of rules that allow or deny inbound and outbound traffic to specific resources or subnets in an Azure virtual network.

  • An NSG can be associated with a network interface (NIC) or with a subnet. If both have an NSG, a packet must be allowed by both: inbound traffic is checked against the subnet NSG first and then the NIC NSG, outbound traffic in the reverse order.

  • Let's create a simple NSG.

  • An NSG holds a set of rules, and each rule has a priority. The lower the priority number, the earlier the rule is evaluated; the first rule that matches a packet decides the outcome and no later rule is consulted.

  • Every rule has
    • Priority: a number between 100 and 4096, unique within the NSG (lower number = higher priority). The built-in default rules sit at 65000 and above, so any custom rule takes precedence over them.
    • Source: for an inbound rule, where the packet is arriving from. Azure offers
      • Any (anywhere)
      • IP addresses (specific IPs or CIDR ranges)
      • Service Tag (for example Internet, VirtualNetwork, AzureLoadBalancer)
      • Application Security Group
    • Source port range: the port(s) the traffic is sent from on the source. Clients normally use random ephemeral ports, so this is almost always *.
    • Destination: where the packet is going (same options as Source)
    • Destination port ranges: the port(s) the packet is addressed to, e.g. 22, 80, 443 or 1024-65535
    • Protocol:
      • TCP
      • UDP
      • ICMP
      • Any
    • Action: Allow / Deny
    • Name
    • Description
  • Let's write a rule set that allows HTTP and SSH from the internet, allows all traffic within the VNet, and denies everything else. Only the two internet-facing Allow rules need to be written: the default rules AllowVnetInBound (65000) and DenyAllInBound (65500) already cover the other two requirements.

  • Now let's attach this NSG to the web subnet.

  • Now let's create an NSG for the app subnet that allows inbound traffic only from the web subnet. Allowing the web subnet's address range is not enough on its own: the default AllowVnetInBound rule (65000) would still admit every other subnet in the VNet, so add an explicit Deny rule for the VirtualNetwork service tag at a priority number below 65000 (for example 4096).

  • When a VM is created through the portal, an NSG is created by default and associated with the VM's network interface. Because a packet must pass both the subnet NSG and the NIC NSG, a permissive NIC-level NSG does not bypass the subnet rules, and a restrictive one can block traffic the subnet NSG allows.
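The two NSGs above (the web subnet's and the app subnet's) and the priority rule they depend on, as an added example that is not part of the original post. The script models how Azure evaluates inbound rules (ascending priority number, first match wins, the three built-in default rules always present), checks a rule set for the priority constraints, and renders the equivalent `az network nsg rule create` commands. The address plan (10.0.0.0/16 VNet, 10.0.1.0/24 web, 10.0.2.0/24 app), the app port 8080, the resource group name and the test IP 203.0.113.5 are this example's own assumptions; the service tags are simplified (Internet is treated as "anything outside the VNet").

```python
"""Model of Azure NSG inbound-rule evaluation: first match in ascending priority order wins."""
import ipaddress
import shlex
from dataclasses import dataclass

# Constructed address plan for this example (assumption, not from the original post).
VNET = ipaddress.ip_network("10.0.0.0/16")
WEB_SUBNET = ipaddress.ip_network("10.0.1.0/24")
APP_SUBNET = ipaddress.ip_network("10.0.2.0/24")
AZURE_LB_PROBE_IP = ipaddress.ip_address("168.63.129.16")  # source of Azure load balancer health probes


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int           # custom rules: 100-4096, unique per NSG; lower number is checked first
    source: str             # "*", "VirtualNetwork", "Internet", "AzureLoadBalancer" or a CIDR
    source_ports: str       # "*", "22", "1024-65535" or a comma-separated list of those
    destination: str
    destination_ports: str
    protocol: str           # "Tcp", "Udp", "Icmp" or "*"
    access: str             # "Allow" or "Deny"


# The built-in inbound rules every NSG carries. They cannot be deleted; a custom rule
# with a lower priority number is the only way to take precedence over them.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "*", "*", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "*", "*", "*", "Deny"),
]


def _addr_matches(prefix: str, addr: ipaddress.IPv4Address) -> bool:
    # Simplified service tags: the real tags expand to Azure's published prefix lists.
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return addr in VNET
    if prefix == "Internet":          # in this model: anything outside the VNet
        return addr not in VNET
    if prefix == "AzureLoadBalancer":
        return addr == AZURE_LB_PROBE_IP
    return addr in ipaddress.ip_network(prefix, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    for item in spec.split(","):
        item = item.strip()
        if item == "*":
            return True
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def validate(rules: list[Rule]) -> list[str]:
    """Return the problems Azure would reject the custom rule set for (empty list means OK)."""
    problems, seen = [], set()
    for r in rules:
        if not 100 <= r.priority <= 4096:
            problems.append(f"{r.name}: priority {r.priority} outside 100-4096")
        if r.priority in seen:
            problems.append(f"{r.name}: priority {r.priority} already used")
        seen.add(r.priority)
    return problems


def evaluate(rules: list[Rule], src_ip: str, src_port: int, dst_ip: str, dst_port: int, protocol: str):
    """Return (access, rule_name) for an inbound flow: custom rules plus defaults, lowest number first."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if r.protocol != "*" and r.protocol.lower() != protocol.lower():
            continue
        if not (_addr_matches(r.source, src) and _addr_matches(r.destination, dst)):
            continue
        if _port_matches(r.source_ports, src_port) and _port_matches(r.destination_ports, dst_port):
            return r.access, r.name
    return "Deny", "DenyAllInBound"   # not reachable: DenyAllInBound matches every flow


def az_cli(nsg_name: str, rule: Rule, resource_group: str = "rg-classroom") -> str:
    """Render the equivalent `az network nsg rule create` command (inbound rules only)."""
    q = shlex.quote   # '*' must be quoted so the shell does not expand it
    return (f"az network nsg rule create -g {q(resource_group)} --nsg-name {q(nsg_name)} -n {q(rule.name)} "
            f"--priority {rule.priority} --direction Inbound --access {rule.access} --protocol {rule.protocol} "
            f"--source-address-prefixes {q(rule.source)} --source-port-ranges {q(rule.source_ports)} "
            f"--destination-address-prefixes {q(rule.destination)} --destination-port-ranges {q(rule.destination_ports)}")


# Web subnet: HTTP and SSH from the internet. "VNet allowed, everything else denied" needs no
# extra rules, because AllowVnetInBound and DenyAllInBound already do that.
WEB_NSG = [
    Rule("AllowHttpFromInternet", 100, "Internet", "*", "*", "80", "Tcp", "Allow"),
    Rule("AllowSshFromInternet", 110, "Internet", "*", "*", "22", "Tcp", "Allow"),
]

# App subnet: only the web subnet may reach it (assumed app port 8080). Without the explicit
# DenyVnetInBound, the built-in AllowVnetInBound (65000) would still admit every other subnet.
APP_NSG = [
    Rule("AllowFromWebSubnet", 100, str(WEB_SUBNET), "*", str(APP_SUBNET), "8080", "Tcp", "Allow"),
    Rule("DenyVnetInBound", 4096, "VirtualNetwork", "*", "*", "*", "*", "Deny"),
]

if __name__ == "__main__":
    for nsg, rules in (("nsg-web", WEB_NSG), ("nsg-app", APP_NSG)):
        for r in rules:
            print(az_cli(nsg, r))
    print(evaluate(APP_NSG, "10.0.3.4", 40000, "10.0.2.4", 8080, "Tcp"))   # a third subnet: denied
```

Run it and compare `evaluate(APP_NSG[:1], ...)` with `evaluate(APP_NSG, ...)` for a source in a subnet other than web: with only the Allow rule the flow is admitted by the default AllowVnetInBound, with the explicit Deny at 4096 it is blocked. The same check for the load balancer probe address shows why the Deny is scoped to the VirtualNetwork tag rather than *: a blanket Deny at 4096 would also kill the health probes allowed at 65001.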

  • Exercise: Create a vnet as mentioned in the below architecture

    • Diagram (image not reproduced here)
    • Web subnet and Management subnet should be accessible from anywhere (including the internet) => create an NSG for each
    • Business subnet should be accessible only from Web and Management
    • Data subnet should be accessible only from Business and Management
    • AD subnet should be accessible from all other subnets, but not from the internet
