Azure Network Security Group-NSG - Demo article -Manaswin

Overview of Azure NSG:-

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

In this article I am going to create a virtual network. Inside the virtual network I am going to create two subnets and place two virtual machines in them, one in each subnet.

Further, I am going to block HTTP (port 80) access to virtual machine 2 from within the virtual network.

Note:- You can apply an NSG at the VM level (on the VM's network interface) or at the subnet level, based on your need.

Demo:- The code is attached at the bottom of the article.

Step 1:- Create the resources as per the requirement.

After creating all the required resources, we need to SSH to both virtual machines.

Once connected, we are able to curl VM2 by its IP address from VM1.

Step 2:- Now we are going to deny HTTP access from VM1. One way is to block HTTP traffic in the inbound rules of VM2. Another way is to create an NSG and associate the subnet of VM2 with it, so that VM1 will not be able to curl VM2.

Create the NSG in the same resource group with the name BlockHTTP.

Step 3:- After creating the NSG, open its inbound rules and add a rule that denies HTTP port 80.

As per the above snapshot, I have added a 'Deny' rule for HTTP port 80 to the NSG.

Step 4:- Now we are going to associate this NSG to the subnet of VM2.

Once the NSG is associated with the subnet of VM2, VM1 can no longer reach VM2 over HTTP (port 80). In this way we can use an NSG to restrict access to virtual machines within the VNet.
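Steps 2 to 4 can also be scripted with the Azure CLI instead of the portal. The following is an added example, not part of the original article's code; it reuses the resource names from the script at the end of the article, while the rule name DenyHTTPInbound, priority 100, the '*' source and the test source port 60000 are assumptions. The last command requires Network Watcher to be enabled for the region.

```powershell
# Added example: names mirror the article's script; rule name and priority are assumptions.
$grp         = "NSGTestRG"
$vnetName    = "VNET"
$subnetName2 = "SUBNET_2"
$nsgName     = "BlockHTTP"

# Step 2: create the NSG in the same resource group.
az network nsg create --resource-group $grp --name $nsgName

# Step 3: inbound Deny for TCP 80. The default AllowVnetInBound rule sits at
# priority 65000, so a custom rule (100-4096) is evaluated before it.
# Use 10.0.0.0/24 as the source instead of '*' to deny only VM1's subnet.
az network nsg rule create `
    --resource-group $grp --nsg-name $nsgName `
    --name DenyHTTPInbound --priority 100 `
    --direction Inbound --access Deny --protocol Tcp `
    --source-address-prefixes '*' --source-port-ranges '*' `
    --destination-address-prefixes '*' --destination-port-ranges 80

# Step 4: associate the NSG with VM2's subnet.
az network vnet subnet update `
    --resource-group $grp --vnet-name $vnetName --name $subnetName2 `
    --network-security-group $nsgName

# Check 1: the subnet now references the NSG, and the rule is listed.
az network vnet subnet show --resource-group $grp --vnet-name $vnetName `
    --name $subnetName2 --query "networkSecurityGroup.id" --output tsv
az network nsg rule list --resource-group $grp --nsg-name $nsgName --output table

# Check 2: ask IP flow verify how inbound TCP 80 from VM1 to VM2 is evaluated.
# Expected result: access "Deny" with the rule name created above.
$ipQuery = "[0].virtualMachine.network.privateIpAddresses[0]"
$vm1Ip = az vm list-ip-addresses -g $grp -n VM_1 --query $ipQuery -o tsv
$vm2Ip = az vm list-ip-addresses -g $grp -n VM_2 --query $ipQuery -o tsv
az network watcher test-ip-flow --resource-group $grp --vm VM_2 `
    --direction Inbound --protocol TCP `
    --local "${vm2Ip}:80" --remote "${vm1Ip}:60000"
```

Associating an NSG with the subnet also applies its default DenyAllInBound rule to traffic from outside the virtual network, so SSH to VM2's public IP stops working unless the NSG gets an allow rule for it. SSH from VM1 is still permitted by the default AllowVnetInBound rule.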

Please find below, for your reference, the code I used to create the resources for the above demo: the VMs, the VNet with its subnets, and the sample Apache setup.

================================================

$grp="NSGTestRG"
$location="southeastasia"
$vnetName="VNET"
$subnetName="SUBNET_1"
$subnetName2="SUBNET_2"
$vmName="VM_1"
$vmName2="VM_2"

# CREATE RESOURCE GROUP
az group create --name $grp --location $location

# CREATE VIRTUAL NETWORK
az network vnet create --address-prefixes 10.0.0.0/16 --name $vnetName --resource-group $grp

# CREATING SUBNETS
az network vnet subnet create -g $grp --vnet-name $vnetName -n $subnetName --address-prefixes 10.0.0.0/24
az network vnet subnet create -g $grp --vnet-name $vnetName -n $subnetName2 --address-prefixes 10.0.10.0/24

# CREATING VMs IN EACH SUBNET
# (replace the sample username and password with your own values)
az vm create --resource-group $grp --name $vmName --image ubuntults --vnet-name $vnetName --subnet $subnetName --admin-username yourname --admin-password Hello@12345#
az vm create --resource-group $grp --name $vmName2 --image ubuntults --vnet-name $vnetName --subnet $subnetName2 --admin-username yourname --admin-password Hello@12345#

# INSTALLING APACHE
# (run these on VM2 over SSH, with root privileges)
apt-get update -y
apt-get upgrade -y
apt-get install apache2 -y

# Test page served by Apache on VM2
echo "Hello From VM2!" > /var/www/html/index.html

=======================================================
