Azure Portal

NSG

Uploaded by

iquba;
Copyright © All Rights Reserved

Lab Guide: Configuring a Network Security Group (NSG) in Azure

A Network Security Group (NSG) is used to filter inbound and outbound
network traffic to and from Azure resources in a Virtual Network (VNet).

Objective
To create and configure an NSG to control traffic flow for a subnet or individual
virtual machine in Azure.

Prerequisites
1. An active Azure subscription.
2. A Virtual Network (VNet) with at least one subnet.
3. Optional: Virtual Machines (VMs) deployed in the subnet for testing.

Steps to Configure an NSG


1. Log in to Azure Portal
1. Go to Azure Portal.
2. Log in with your credentials.

2. Navigate to Network Security Groups
1. In the search bar at the top, type "Network Security Groups" and select it.
2. Click + Create to create a new NSG.

3. Create a Network Security Group
1. Basics:
o Subscription: Select your Azure subscription.
o Resource Group: Choose an existing resource group or create a new one.
o Name: Provide a name for the NSG (e.g., "LabNSG").
o Region: Select the same region as your VNet.
2. Click Review + Create and then Create.

4. Add Security Rules to the NSG
1. Open the created NSG from the Network Security Groups page.
2. Navigate to the Inbound security rules tab and click + Add.
3. Define the rule:
o Name: Provide a name for the rule (e.g., "AllowHTTP").
o Priority: Specify a priority number (lower numbers are processed first).
o Source: Set to Any, IP Addresses, or Service Tag.
  - Example: Use IP Addresses to specify source CIDR ranges.
o Source Port Ranges: Specify the source port (default: * for all).
o Destination: Set to Any, IP Addresses, or Service Tag.
o Destination Port Ranges: Specify the port (e.g., 80 for HTTP or 443 for HTTPS).
o Protocol: Choose TCP, UDP, or Any.
o Action: Select Allow or Deny.
4. Repeat for Outbound security rules as needed.

5. Associate the NSG
1. To a Subnet:
o Navigate to the Subnets tab in the NSG.
o Click + Associate and select the VNet and subnet.
o Confirm the association.
2. To a Network Interface (Optional):
o Navigate to the VM's Networking blade.
o Under Network Interface, assign the NSG.

Testing and Validation


1. Deploy Test VMs:
o Deploy a VM in the subnet with the associated NSG.

2. Test Traffic:
o Use tools like telnet, curl, or ping from other VMs or external
sources to test allowed/blocked traffic.
o Ensure blocked traffic fails and allowed traffic succeeds.

3. Monitor Traffic:
o Use NSG Flow Logs in Azure Monitor to analyze traffic patterns.

Example Rules
Inbound Rules

Name            Priority  Source        Source Port  Destination Port  Protocol  Action
AllowHTTP       100       Any           *            80                TCP       Allow
AllowRDP        200       IP Addresses  *            3389              TCP       Allow
DenyAllInbound  65000     Any           *            *                 Any       Deny

Outbound Rules

Name             Priority  Destination  Source Port  Destination Port  Protocol  Action
AllowInternet    100       Internet     *            80, 443           TCP       Allow
DenyAllOutbound  65000     Any          *            *                 Any       Deny
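
The inbound example rules above, run through a small offline simulator of "lower numbers are processed first" with first-match-wins evaluation. This is an added example, not part of the original lab guide; the Rule class, the function names and the 203.0.113.0/24 source range for AllowRDP are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    source: str      # "Any" or a CIDR range
    dest_port: str   # "*" or a single port
    protocol: str    # "TCP", "UDP" or "Any"
    action: str      # "Allow" or "Deny"

# Inbound rules from the guide's table, deliberately listed out of order.
# The AllowRDP source range is constructed; the guide only says "IP Addresses".
INBOUND = [
    Rule("DenyAllInbound", 65000, "Any", "*", "Any", "Deny"),
    Rule("AllowRDP", 200, "203.0.113.0/24", "3389", "TCP", "Allow"),
    Rule("AllowHTTP", 100, "Any", "80", "TCP", "Allow"),
]

def matches(rule, src_ip, dest_port, protocol):
    if rule.protocol != "Any" and rule.protocol != protocol:
        return False
    if rule.dest_port != "*" and int(rule.dest_port) != dest_port:
        return False
    if rule.source == "Any":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def evaluate(rules, src_ip, dest_port, protocol):
    """Return (action, rule name) of the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, dest_port, protocol):
            return rule.action, rule.name
    return "Deny", "no-match"  # simulator fallback, assumed for this sketch

def shadowed(rules):
    """Rules that can never fire because an earlier catch-all matches first."""
    hidden, catch_all_seen = [], False
    for rule in sorted(rules, key=lambda r: r.priority):
        if catch_all_seen:
            hidden.append(rule.name)
        if (rule.source, rule.dest_port, rule.protocol) == ("Any", "*", "Any"):
            catch_all_seen = True
    return hidden

if __name__ == "__main__":
    for flow in [("198.51.100.7", 80, "TCP"), ("198.51.100.7", 3389, "TCP")]:
        print(flow, "->", evaluate(INBOUND, *flow))
```

The simulator takes the table's priorities as given; in Azure itself, custom rules accept priorities from 100 to 4096, and 65000 to 65500 belong to the built-in default rules. Running shadowed() on a rule set before applying it catches a catch-all deny that was given too low a priority number.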

Enhancements
1. Service Tags:
o Use Azure service tags like AzureLoadBalancer or Internet to
simplify rule creation.
2. Application Security Groups (ASGs):
o Group VMs into ASGs for easier NSG rule management.

3. Diagnostics:
o Enable NSG Flow Logs for detailed traffic analysis.
