Azure Classroom Series – 23/Mar/2021

Azure Network Security Groups

  • Azure Network Security Groups (NSGs) can be used to filter network traffic to Azure resources
  • An NSG contains security rules that allow or deny inbound and outbound traffic
  • In the last class we created a VM where we could reach http://publicip but not http://publicip:8080, because the NSG was denying access to port 8080
  • Every NSG has security rules. Each security rule has the following properties
    • Name
    • Priority: A number between 100 and 4096
    • Source: Individual IP, Any, or CIDR range of the source
    • Destination: Individual IP, Any, or CIDR range of the destination
    • Protocol: TCP, UDP, ICMP or Any
    • Direction: Inbound or outbound
    • Port Range: The ports the rule applies to
    • Action: allow or deny
  • Let's create a network security group in Azure
    • Create a resource group
    • Create an NSG
    • The NSG we create already has some security rules, which are referred to as default security rules
    • These default security rules
      • allow all outbound traffic (from an Azure resource to anywhere)
      • allow all inbound traffic within the virtual network (between Azure resources in a VNet)
      • allow all communication from AzureLoadBalancer to Azure resources in a VNet
  • Exercise: Create a network security group which
    • allows ping and HTTP (TCP port 80) communication from anywhere
    • allows TCP port 3306 from 100.120.200.220
    • denies TCP port 3306 from anywhere
  • Next steps?
    • Why is there space in the numbering of rules?
    • An NSG can be applied to subnets as well
    • Consider one enterprise architecture and design NSGs for it
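
The exercise hinges on rule order: an NSG checks rules from the lowest priority number upward and stops at the first match. The following is an added example, not part of the original class notes, that models this evaluation for the exercise's inbound rules. The rule names, the priorities 100/110/200/210 and the test source 203.0.113.7 are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 100-4096 for rules you create
    source: str        # "Any", a single IP, or a CIDR range
    protocol: str      # "TCP", "UDP", "ICMP" or "Any"
    port: object       # destination port number, or "Any"
    action: str        # "Allow" or "Deny"

    def matches(self, src, protocol, port):
        src_ok = self.source == "Any" or (
            ipaddress.ip_address(src) in ipaddress.ip_network(self.source, strict=False))
        return (src_ok and self.protocol in ("Any", protocol)
                and self.port in ("Any", port))

# Constructed inbound rules for the exercise (names and priorities are assumptions).
EXERCISE_RULES = [
    Rule("allow-ping", 100, "Any", "ICMP", "Any", "Allow"),
    Rule("allow-http", 110, "Any", "TCP", 80, "Allow"),
    Rule("allow-mysql-admin", 200, "100.120.200.220", "TCP", 3306, "Allow"),
    Rule("deny-mysql", 210, "Any", "TCP", 3306, "Deny"),
]
# Same rules with the two 3306 priorities swapped: the broad deny now wins.
MISORDERED_RULES = EXERCISE_RULES[:2] + [
    Rule("deny-mysql", 200, "Any", "TCP", 3306, "Deny"),
    Rule("allow-mysql-admin", 210, "100.120.200.220", "TCP", 3306, "Allow"),
]

def evaluate(rules, src, protocol, port=None):
    """Return (action, rule name) for the first match, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src, protocol, port):
            return rule.action, rule.name
    # Azure's default DenyAllInBound rule (priority 65500) catches everything else;
    # the default VNet and load balancer allows are left out of this model.
    return "Deny", "DenyAllInBound"

if __name__ == "__main__":
    for src, proto, port in [("203.0.113.7", "ICMP", None), ("203.0.113.7", "TCP", 80),
                             ("100.120.200.220", "TCP", 3306), ("203.0.113.7", "TCP", 3306),
                             ("203.0.113.7", "TCP", 8080)]:
        print(src, proto, port, evaluate(EXERCISE_RULES, src, proto, port))
    print("misordered:", evaluate(MISORDERED_RULES, "100.120.200.220", "TCP", 3306))
```

Because 200 and 210 leave a gap, a later exception such as a second allowed source can take priority 205 without renumbering the existing rules.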
