Network Security Groups
- An NSG is used to filter network traffic.
- It processes the security rules in priority order (lowest priority number first; the first matching rule wins).
- Consider the following inbound security rules in the NSG:
Priority | Protocol | Source | Source Port | Destination | Destination Port | Action
---|---|---|---|---|---|---
300 | TCP | * | * | * | 80 | Allow
320 | TCP | * | * | * | 443 | Allow
- Now consider this NSG attached to the network interface of a virtual machine.
- Use case 1: A user from source 183.183.183.183 tries to establish an SSH connection:
  - The connection is denied, because none of the security rules matches port 22, so the default DenyAllInBound rule applies.
- Use case 2: A virtual machine in the same VNet tries to connect to the VM with the above rules:
  - The connection is allowed: the default security rules allow all traffic from within the VNet.
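As an added example (not part of these notes), a small Python model of the first-match-by-priority evaluation described above, run over the two custom rules from the table plus Azure's default AllowVnetInBound and DenyAllInBound rules. The VNet range 10.0.0.0/16 and the internal source address 10.0.1.4 are assumed values; the AllowAzureLoadBalancerInBound default rule is left out since service-tag matching is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: VNet address space assumed for this example.
VNET = ip_network("10.0.0.0/16")


@dataclass(frozen=True)
class Rule:
    priority: int
    protocol: str   # "TCP", "UDP" or "*"
    source: str     # CIDR, "*" or the "VirtualNetwork" service tag
    dest_port: str  # port number or "*"
    action: str     # "Allow" or "Deny"


# The two custom inbound rules from the table above.
CUSTOM_INBOUND = [
    Rule(300, "TCP", "*", "80", "Allow"),
    Rule(320, "TCP", "*", "443", "Allow"),
]

# Azure default inbound rules: cannot be removed, only overridden by
# custom rules with a lower priority number.
DEFAULT_INBOUND = [
    Rule(65000, "*", "VirtualNetwork", "*", "Allow"),  # AllowVnetInBound
    Rule(65500, "*", "*", "*", "Deny"),                 # DenyAllInBound
]


def _source_matches(rule_src: str, src_ip: str) -> bool:
    if rule_src == "*":
        return True
    if rule_src == "VirtualNetwork":
        return ip_address(src_ip) in VNET
    return ip_address(src_ip) in ip_network(rule_src, strict=False)


def evaluate(rules, src_ip: str, protocol: str, dest_port: int):
    """Return (action, priority) of the first matching rule, lowest priority number first."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.protocol not in ("*", protocol):
            continue
        if r.dest_port not in ("*", str(dest_port)):
            continue
        if not _source_matches(r.source, src_ip):
            continue
        return r.action, r.priority
    raise ValueError("no rule matched; an NSG always ends with DenyAllInBound")


if __name__ == "__main__":
    rules = CUSTOM_INBOUND + DEFAULT_INBOUND
    print(evaluate(rules, "183.183.183.183", "TCP", 22))  # ('Deny', 65500)
    print(evaluate(rules, "10.0.1.4", "TCP", 22))         # ('Allow', 65000)
```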
Scenario – Simple N-tier Architecture
- Consider the following N-tier architecture.
- Let's create an NSG for the VMs in:
  - the Web subnet, which should allow all traffic
    - on ports 80 and 22 from anywhere
    - on any port from within the VNet
  - the DB and Business subnets, which allow all traffic from within the VNet.
- We need to create 3 subnets in a VNet.
- In each subnet, create a VM and attach the suitable NSG:
  - Web NSG: the NSG with the web subnet rules above (ports 80 and 22 from anywhere, any port from within the VNet).
  - privatensg: create an NSG and don't change any rules; stick to the default NSG security rules.
- Let's create a VNet with 3 subnets.
- Let's create the following VMs (Ubuntu 20.04), one in each subnet:
  - db
  - business
  - web
- To connect to the DB server or business server, you first SSH into the web server and then SSH from the web server into the business/DB server.
- Any server that is connected to the public network and helps you connect to the private machines/VMs is generally referred to as a
  - jump box
  - bastion host