Network Security Groups (NSG)
- This is used to filter the network traffic to and from Azure resources in Azure VNet.
- NSG Contains Security rules that allow or deny the network traffic
- NSG Can be attached to VM (network interface) or to a subnet.
- If you have common rules required for multiple vms or subnets then you can use the same NSG
- Lets explore the NSG for the vm created in last session
- Azure Has Default NSG Rules added
- Exercise: Create an NSG which allows http (TCP => 80) to every one and ssh (TCP => 22) to every one and (ICMP => *) to every once
- The rules specified are inbound
- Steps
- The default rules
- allow the incoming traffic with in vnet and allows all the traffic from Azure Load Balancer, Any thing else is denied
- allow the outgoing traffic with vpc and also to internet
- Steps:
- Exercise 2: Create a network security group which
- allows http and https (tcp 80,443) from anywhere
- denies ssh from anywhere (tcp 22)
- which doesnt allow VM to access 100.100.100.100 on any protocol
