Azure Classroom notes 27/Oct/2023

Network Security Groups (NSG)

  • NSGs can be attached to a network interface and also to a subnet
  • NSGs have two types of rules:
    • incoming/inbound (ingress)
    • outgoing/outbound (egress)
  • Each rule has a number that defines its priority: the lower the number, the higher the priority (rules are evaluated in priority order and the first match decides)
  • NSGs come with default rules
  • Each rule will have:

    • Priority:
    • Port: port number
    • Protocol:
      • TCP
      • UDP
      • ICMP
    • Source:
    • Destination: will have the same options as Source
    • Action: Allow or Deny
  • For an IP address in Source or Destination we give a CIDR range. Matching works on the basis of the network id:

    • a specific network: 10.10.0.0/16
    • a specific IP address: 100.100.100.100/32
    • any IP address: 0.0.0.0/0
  • Best practices:

    • Start custom NSG rules at a number such as 300 (not 100), so there is room to add rules in front of them later
    • Leave gaps between rule numbers so rules can be inserted between existing ones

Scenario 1: Create NSG For the below

  • Overview
  • Web NSG:
  • App NSG: it should allow only internal communication within the VNet and no connectivity from the internet. That is exactly what the default NSG rules give us
  • DB NSG: deny incoming traffic from the web subnet

Scenario 2: Create NSGs for the below

  • Overview
  • Web server runs on port 443 (TCP)
  • App server runs on port 5000 (TCP)
  • DB server runs on port 3306 (TCP)
  • Allow port 22 communication from any IP within the network for the web, app and DB servers.
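To make the priority order, CIDR matching and default rules concrete, here is an added Python model of inbound NSG evaluation (example code written for these notes, not Azure's own logic and not from the original page). The VNet and subnet ranges are constructed; the rule set is the DB NSG of Scenario 2 with Scenario 1's "deny from web subnet" rule added, numbered from 300 with gaps as the best practices suggest.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for this example (not from the notes).
VNET = ipaddress.ip_network("10.10.0.0/16")
WEB_SUBNET, APP_SUBNET = "10.10.1.0/24", "10.10.2.0/24"

@dataclass
class Rule:
    priority: int   # lower number = evaluated first
    name: str
    protocol: str   # "TCP", "UDP", "ICMP" or "*" for any
    port: str       # destination port or "*"
    source: str     # CIDR, the "VirtualNetwork" service tag, or "*"
    action: str     # "Allow" or "Deny"

def source_matches(spec: str, ip) -> bool:
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    return ip in ipaddress.ip_network(spec)

def evaluate(rules, src_ip: str, protocol: str, dst_port: int):
    """First matching rule in priority order decides; later rules are never consulted."""
    ip = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r.priority):
        if r.protocol not in ("*", protocol) or r.port not in ("*", str(dst_port)):
            continue
        if source_matches(r.source, ip):
            return r.action, r.name
    return "Deny", "no-match"   # not reached while DenyAllInBound is present

# Azure's default inbound rules (the AzureLoadBalancer rule at 65001 is left out of this model).
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "*", "*", "VirtualNetwork", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

# DB NSG: MySQL only from the app subnet, SSH from anywhere in the VNet, nothing else from web.
DB_NSG = [
    Rule(300, "AllowMySQLFromApp", "TCP", "3306", APP_SUBNET, "Allow"),
    Rule(310, "AllowSSHFromVnet", "TCP", "22", "VirtualNetwork", "Allow"),
    Rule(320, "DenyFromWeb", "*", "*", WEB_SUBNET, "Deny"),
] + DEFAULT_INBOUND

if __name__ == "__main__":
    for src, proto, port in [("10.10.2.5", "TCP", 3306), ("10.10.1.5", "TCP", 3306),
                             ("10.10.1.5", "TCP", 22), ("203.0.113.9", "TCP", 3306)]:
        print(src, proto, port, "->", evaluate(DB_NSG, src, proto, port))
```

Note that SSH from the web subnet is allowed because rule 310 sits in front of the deny at 320; swapping those two numbers would block it, which is why the gaps between rule numbers matter.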

Exercise

  • Test by creating 3 VMs in the network (one each for web, app and DB) and checking which connections succeed
