Azure Network Security Group
-
Problem: create a network security group which allows all the communication on 80 and 443 port & denies communication on 3389 port for ip 101.102.103.104
-
Consider the following network
- Create a NSG which
- allows all incoming http (80) from anywhere
- allows all incoming ssh (22) within vnet and deny others
- denies all incoming requests on 8080 from anywhere
- allows 8080 communication for web subnet
-
22 port => deny every one but allow vnet
- Create a NSG which
- allows all incoming connections (3306) from app subnet and denies others
- allows ssh connections within vnet and denies others
Exercise: Create A Vnet with two subnets web, db
- allow all communication from web to db and db to web
- allow all communication to web subnet from http (80) and https
- denies all external communication to db subnet
- Verify the above behavior, by creating two vms one in web and other in db.
- VM in db should not have public ip.
