Azure Classroom Series – 26/Mar/2021

Azure network security groups contd

  • Why to leave numbers b/w security rules
  • Security rules in nsg have priority from 100 to 4096.
  • Generally its a good practice to leave some numbers b/w security rules. The reason for that is to accomodate changes in the future
  • Consider this nsg Preview
  • now lets assume there is a DDOS attack from and we need to stop that from nsg Preview
  • NSG can be applied to the subnet as well.
  • Lets try to create the network, subnets and NSG for the architecture shown below Preview Preview
  • Now lets try to create nsg rule for subnet Application Gateway
    • So that only port 443 and 80 is allowed from internet Preview
    • Now lets apply this NSG to Application Gateway Subnet Preview Preview Preview
  • Now lets try to create a NSG for Management subnet which
    • allows 3389 port from anywhere (ideally this would be your organization n/w range) Preview
  • If there is contradicting rule one says allow and the other says deny in nsg associated with nic and nsg associated with subnet, deny always wins
  • Lets look at this scenario Preview
  • Create a nsg rule for subnet3
    • allow all connections from subnet1 cidr range
    • deny all connections from subnet2 cidr range
  • Now lets look at this scenario Preview
  • To solve this we need to take individual vm’s ip and then write rules, Azure supports some thing called as Azure Application Security groups which can largely simplify these kind of scenarios.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin