Azure Networking (5): Network Security Groups
We cannot talk about Azure network security without mentioning Network Security Groups (NSGs), so in this article I will explain how an NSG works, what inbound and outbound security rules are, how to associate an NSG with a subnet, and how every VM in that subnet inherits the inbound and outbound rules we create inside the NSG.
Where to find a Network Security Group:
An NSG can be associated with a subnet or with a NIC (network interface card), which is attached to a VM (virtual machine). An NSG on a subnet applies to every NIC in that subnet. When both a subnet NSG and a NIC NSG exist, inbound traffic must be allowed by both (the subnet NSG is evaluated first, then the NIC NSG), and outbound traffic must be allowed by both in the reverse order.
How to Create a Network Security Group:
An NSG can be created directly from the Azure portal, with the Azure CLI, or with other tooling.
Inbound Security Rules:
These rules control the traffic coming into the VM, and each has one of two actions: Allow or Deny.
There are three default inbound security rules, and they cannot be deleted (they can only be overridden by custom rules with a lower priority number). The first, AllowVnetInBound, allows traffic from within the virtual network, which includes peered VNets (Source: VirtualNetwork, Destination: VirtualNetwork). The second, AllowAzureLoadBalancerInBound, allows traffic from the Azure load balancer, including its health probes (Source: AzureLoadBalancer, Destination: Any). The last, DenyAllInBound, denies any other connection regardless of its source or destination.
When two rules match the same traffic but have different actions, priority decides: rules are evaluated from the lowest priority number upward and the first match wins, so the rule with the lower number (the higher priority) wins. Custom rules use priorities 100 to 4096, which is why they always take precedence over the default rules at 65000 and above.
Outbound Security Rules:
These rules control the traffic leaving the VM, and each has one of two actions: Allow or Deny.
There are also three default outbound security rules, and they cannot be deleted either. The first, AllowVnetOutBound, allows traffic toward the virtual network, including peered VNets (Source: VirtualNetwork, Destination: VirtualNetwork). The second, AllowInternetOutBound, allows traffic to the Internet (Source: Any, Destination: Internet). The third, DenyAllOutBound, denies any other connection regardless of its source or destination. Note that the second default rule means every VM can reach the Internet unless you add an explicit Deny rule with a lower priority number.
The same priority logic applies to outbound rules: when two rules match the same traffic with different actions, the rule with the lower priority number wins.
Some practice
Here we will create an inbound security rule so that we can connect to our VM over SSH (Secure Shell). To make that happen, we need an inbound rule with the Allow action for TCP port 22; then we will see what happens.
Before creating the inbound security rule:
First, let us try to connect before creating the rule.
As you can see, the connection fails (it times out, because an NSG silently drops the packets) since the network security group has no rule that allows such a connection: the traffic falls through to DenyAllInBound.
After creating the inbound security rule:
Let us first create an inbound security rule that allows SSH, following the images just below. When you create it, restrict the source to your own IP address or range rather than Any; opening port 22 to the whole Internet invites brute-force login attempts.
Let us now try to connect.
And here we go: we can connect to the VM, because the NSG now has a rule that allows such a connection.
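To make the rule-evaluation logic from the inbound and outbound sections and the before/after SSH experiment concrete, here is an added Python model. It is example code written for this article, not Azure's implementation and not the author's code. The default rule names, priorities, service tags and the load-balancer probe address 168.63.129.16 are the real Azure ones; the VNet address space 10.0.0.0/16, the client addresses from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24, and the treatment of the VirtualNetwork tag as just that one address space are assumptions made for the example.

```python
"""Model of how an Azure NSG evaluates an inbound packet.

Added example for this article (not Azure's code and not the author's):
rules are tried from the lowest priority number upward and the first
rule whose protocol, source and destination port match decides the
outcome. The three default inbound rules (priorities 65000-65500, not
deletable) are the real Azure ones; the VNet address space and client
IPs below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "*"
VNET = "VirtualNetwork"      # service tag: VNet space, peered VNets, on-prem
LB = "AzureLoadBalancer"     # service tag: the load balancer probe source
LB_PROBE_IP = "168.63.129.16"


@dataclass
class Rule:
    name: str
    priority: int       # custom rules: 100-4096; defaults: 65000 and above
    access: str         # "Allow" or "Deny"
    protocol: str       # "Tcp", "Udp" or "*"
    source: str         # CIDR or service tag
    dest_ports: str     # "22", "80-443" or "*"

    def __post_init__(self):
        if not (100 <= self.priority <= 4096 or self.priority >= 65000):
            raise ValueError(f"{self.name}: priority out of range")


DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", ANY, VNET, ANY),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", ANY, LB, ANY),
    Rule("DenyAllInBound", 65500, "Deny", ANY, ANY, ANY),
]


def _port_match(spec, port):
    if spec == ANY:
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _source_match(spec, src_ip, vnet_space):
    # Simplification (assumption): VirtualNetwork is only this VNet's space.
    if spec == ANY:
        return True
    if spec == VNET:
        return ip_address(src_ip) in ip_network(vnet_space)
    if spec == LB:
        return src_ip == LB_PROBE_IP
    return ip_address(src_ip) in ip_network(spec, strict=False)


def evaluate_inbound(custom_rules, src_ip, protocol, dest_port,
                     vnet_space="10.0.0.0/16"):
    """Return (access, rule_name) of the first rule that matches, lowest
    priority number first; the default rules are always appended."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in (ANY, protocol):
            continue
        if not _port_match(rule.dest_ports, dest_port):
            continue
        if not _source_match(rule.source, src_ip, vnet_space):
            continue
        return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")


# The article's experiment: SSH from an Internet client (constructed IP).
CLIENT = "203.0.113.5"
ALLOW_SSH_ANY = Rule("Allow-SSH", 1000, "Allow", "Tcp", ANY, "22")


def ssh_before_rule():
    """No custom rule: the packet falls through to DenyAllInBound."""
    return evaluate_inbound([], CLIENT, "Tcp", 22)


def ssh_after_rule():
    """With the Allow rule at priority 1000 the connection is allowed."""
    return evaluate_inbound([ALLOW_SSH_ANY], CLIENT, "Tcp", 22)


def ssh_with_conflicting_rules():
    """Two rules on port 22 with opposite actions: the lower number wins,
    and a source-restricted Allow at 800 still lets the office range in."""
    rules = [
        ALLOW_SSH_ANY,                                                   # 1000
        Rule("Deny-SSH-From-Anywhere", 900, "Deny", "Tcp", ANY, "22"),   # beats 1000
        Rule("Allow-SSH-Office", 800, "Allow", "Tcp", "198.51.100.0/24", "22"),
    ]
    return (evaluate_inbound(rules, CLIENT, "Tcp", 22),
            evaluate_inbound(rules, "198.51.100.7", "Tcp", 22))


if __name__ == "__main__":
    print("before rule:", ssh_before_rule())
    print("after rule: ", ssh_after_rule())
    print("from VNet:  ", evaluate_inbound([], "10.0.1.4", "Tcp", 22))
    print("LB probe:   ", evaluate_inbound([], LB_PROBE_IP, "Tcp", 22))
    print("conflict:   ", ssh_with_conflicting_rules())
```

The conflicting-rules case is the one to keep in mind: the order in which rules were created is irrelevant, only the priority number decides. The equivalent real change with the Azure CLI is `az network nsg rule create --resource-group <rg> --nsg-name <nsg> --name Allow-SSH-Office --priority 800 --direction Inbound --access Allow --protocol Tcp --source-address-prefixes 198.51.100.0/24 --destination-port-ranges 22`, with the resource group, NSG name and source range replaced by your own.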
I hope this is helpful and useful and that you have enjoyed it. I welcome any comments or questions.