Azure Network Security Groups:

Network Security Group

An Azure Network Security Group (NSG) is a core component of Azure's network security. You use an NSG to filter network traffic to and from Azure resources in an Azure virtual network (VNet).

A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Each rule in an NSG specifies the following properties:

  • Name: A unique name within the network security group.
  • Priority: A number between 100 and 4096. Rules are processed in priority order: the lower the number, the higher the priority, so lower numbers are evaluated first. Processing stops at the first rule whose attributes match the traffic, so a rule with a higher number that matches the same traffic as a lower-numbered rule is never reached. No two rules in the same direction may share a priority.
  • Source/Destination: Where the traffic comes from or goes to. "Any" matches traffic from anywhere; you can lock it down to a single IP address, an IP range in CIDR form, a service tag such as VirtualNetwork or Internet, or an application security group.
  • Protocol: TCP, UDP, ICMP, ESP, AH, or Any.
  • Direction: Inbound or Outbound.
  • Port range: A single port, e.g. 443, a range of ports, e.g. 1000-2000, or * for all ports. A rule carries both a source port range and a destination port range; for inbound rules you normally restrict the destination port and leave the source port at Any, because clients connect from ephemeral ports.
  • Action: Allow or Deny.

Default Security rules:

When you create an Azure NSG, Azure adds the following default rules to it. They sit above the custom priority range (65000 to 65500), cannot be deleted, and can only be overridden by adding a custom rule with a lower (higher-priority) number.

Inbound:
  • 65000 AllowVnetInBound: allow all traffic from the VirtualNetwork service tag to the VirtualNetwork service tag.
  • 65001 AllowAzureLoadBalancerInBound: allow all traffic from the AzureLoadBalancer service tag (health probes).
  • 65500 DenyAllInBound: deny everything else.

Outbound:
  • 65000 AllowVnetOutBound: allow all traffic from VirtualNetwork to VirtualNetwork.
  • 65001 AllowInternetOutBound: allow all traffic to the Internet service tag.
  • 65500 DenyAllOutBound: deny everything else.

Azure processes rules in priority order, lower numbers first. The practical consequence is that inbound traffic from the internet is dropped by DenyAllInBound unless a custom rule allows it, while outbound traffic to the internet is allowed by AllowInternetOutBound unless you add a Deny rule with a lower number in front of it.
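The following is an added example, not code from the original post or from Azure: a small model of how an NSG evaluates a packet against its custom rules plus the six default rules, so you can see first-match-wins processing, shadowing between priorities, and the implicit deny. The VNet address space, the sample rules and the flows are constructed for illustration; the VirtualNetwork tag is approximated by one prefix and Internet by everything outside it (the real tags also cover peered VNets, on-premises ranges and Azure public ranges).

```python
import ipaddress
from dataclasses import dataclass

# Constructed for this example: one VNet prefix stands in for the VirtualNetwork tag.
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")
AZURE_LB_PROBE = ipaddress.ip_address("168.63.129.16")   # Azure load balancer health-probe source
PROTOCOLS = {"TCP", "UDP", "ICMP", "ESP", "AH", "ANY"}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # custom rules 100-4096; default rules 65000-65500
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    protocol: str     # TCP, UDP, ICMP, ESP, AH or Any
    source: str       # "Any", an IP, a CIDR, or a tag: VirtualNetwork, Internet, AzureLoadBalancer
    destination: str
    dest_ports: str   # "443", "1000-2000", "22,3389" or "*"


@dataclass(frozen=True)
class Flow:
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int


# The six rules Azure creates in every NSG; undeletable, overridden only by a lower number.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "Any", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "Any", "AzureLoadBalancer", "Any", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "Any", "Any", "Any", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "Any", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "Any", "Any", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "Any", "Any", "Any", "*"),
]

# Constructed custom rules: AllowSSH (300) is shadowed by DenySSHFromInternet (200)
# for internet sources but still applies to sources inside the VNet.
SAMPLE_RULES = [
    Rule("AllowHTTPS", 100, "Inbound", "Allow", "TCP", "Any", "Any", "443"),
    Rule("DenySSHFromInternet", 200, "Inbound", "Deny", "TCP", "Internet", "Any", "22"),
    Rule("AllowSSH", 300, "Inbound", "Allow", "TCP", "Any", "Any", "22"),
]


def address_matches(spec: str, ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if spec == "Any":
        return True
    if spec == "VirtualNetwork":
        return addr in VNET_SPACE
    if spec == "Internet":                      # assumption: anything outside the VNet
        return addr not in VNET_SPACE
    if spec == "AzureLoadBalancer":
        return addr == AZURE_LB_PROBE
    return addr in ipaddress.ip_network(spec, strict=False)   # single IP or CIDR


def port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def validate(rules: list[Rule]) -> None:
    """Reject what the portal rejects: priority outside 100-4096, unknown protocol,
    duplicate names, and two rules in the same direction sharing a priority."""
    names, slots = set(), set()
    for r in rules:
        if not 100 <= r.priority <= 4096:
            raise ValueError(f"{r.name}: priority must be 100-4096")
        if r.protocol.upper() not in PROTOCOLS:
            raise ValueError(f"{r.name}: unknown protocol {r.protocol}")
        if r.direction not in ("Inbound", "Outbound") or r.access not in ("Allow", "Deny"):
            raise ValueError(f"{r.name}: bad direction or action")
        if r.name in names or (r.direction, r.priority) in slots:
            raise ValueError(f"{r.name}: duplicate name or priority")
        names.add(r.name)
        slots.add((r.direction, r.priority))


def is_valid(rules: list[Rule]) -> bool:
    try:
        validate(rules)
        return True
    except ValueError:
        return False


def evaluate(custom_rules: list[Rule], flow: Flow) -> tuple[str, str]:
    """Return (rule name, Allow|Deny) of the first match in priority order,
    the first-match-wins processing an NSG applies."""
    validate(custom_rules)
    for r in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if r.direction != flow.direction:
            continue
        if r.protocol.upper() not in ("ANY", flow.protocol.upper()):
            continue
        if not (address_matches(r.source, flow.src_ip) and address_matches(r.destination, flow.dst_ip)):
            continue
        if not port_matches(r.dest_ports, flow.dst_port):
            continue
        return r.name, r.access        # later (higher-number) rules are never consulted
    raise RuntimeError("unreachable: DenyAll* always matches")


if __name__ == "__main__":
    for f in [
        Flow("Inbound", "TCP", "198.51.100.7", "10.0.1.4", 443),   # internet -> web
        Flow("Inbound", "TCP", "198.51.100.7", "10.0.1.4", 22),    # internet -> ssh: denied at 200
        Flow("Inbound", "TCP", "10.0.2.9", "10.0.1.4", 22),        # vnet -> ssh: allowed at 300
        Flow("Inbound", "TCP", "198.51.100.7", "10.0.1.4", 8080),  # no custom match: DenyAllInBound
        Flow("Outbound", "TCP", "10.0.1.4", "1.1.1.1", 443),       # vm -> internet: allowed by default
    ]:
        print(f.direction, f.src_ip, "->", f.dst_ip, f.dst_port, evaluate(SAMPLE_RULES, f))
```

The sample shows the shadowing the Priority property describes: AllowSSH at 300 never sees internet traffic because DenySSHFromInternet at 200 matched first, and port 8080 from the internet falls through every custom rule to DenyAllInBound. When auditing a real NSG, run each flow you care about through the rules in this order rather than reading the rules top to bottom in the portal.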

Create a Network security group

  • On the Azure Portal, select Create a resource -> Networking -> Network Security Group.
  • In the Create network security group page, under the Basics tab, set values for the following settings:
      Subscription: choose your subscription.
      Resource group: choose an existing resource group, or select Create new to create a new one.
      Name: enter a name that is unique within the resource group.
      Region: choose the location you want.
  • Select Review + create.
  • After you see the Validation passed message, select Create.
  • To view your network security groups, search for and select Network security groups. The list of network security groups in your subscription appears.

Create a security rule

  • In the Azure Portal, search for and select Network security groups. Select the name of the network security group you want to add a security rule to, then in its menu bar choose Inbound security rules or Outbound security rules.
  • Select Add. Fill in the Add security rule form (Source, Source port ranges, Destination, Service, Destination port ranges, Protocol, Action, Priority, Name and an optional Description), and then select OK. Leave Source port ranges at * unless you intend to filter on the client's port.

(Screenshots of the Add security rule form omitted.) Source: MS Learn
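The same two procedures (create the NSG, then add rules to it) done from code instead of the portal, as an added example that is not part of the original post or of Microsoft's documentation. It uses the Azure SDK for Python (azure-identity and azure-mgmt-network); the subscription ID, resource group, region and NSG name are placeholders to replace, and a credential that DefaultAzureCredential can pick up (az login, managed identity, environment variables) is assumed. rule_from_form is a helper written for this example that turns the portal's form values into the properties the API expects.

```python
# Placeholders: replace with your own values before running.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"
RESOURCE_GROUP = "rg-nsg-demo"
LOCATION = "eastus"


def rule_from_form(name, priority, direction, action, protocol,
                   source="Any", source_port="Any", destination="Any", dest_port="Any"):
    """Translate the portal's Add security rule form into SecurityRule properties.
    The portal shows 'Any' for wildcards; the API expects '*'. Protocol values the
    API accepts are 'Tcp', 'Udp', 'Icmp', 'Esp', 'Ah' or '*'."""
    if not 100 <= priority <= 4096:
        raise ValueError("priority must be between 100 and 4096")
    wildcard = lambda v: "*" if v == "Any" else v
    return {
        "name": name,
        "priority": priority,
        "direction": direction,                 # "Inbound" or "Outbound"
        "access": action,                       # "Allow" or "Deny"
        "protocol": wildcard(protocol),
        "source_address_prefix": wildcard(source),          # IP, CIDR, service tag or "*"
        "source_port_range": wildcard(source_port),
        "destination_address_prefix": wildcard(destination),
        "destination_port_range": wildcard(dest_port),
    }


def create_nsg_with_rules(nsg_name, rules):
    """Step 1 creates the NSG (Azure adds the six default rules itself);
    step 2 adds each custom rule, mirroring the portal's Add button."""
    # Imported here so the pure helper above is usable without the SDK installed.
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.network import NetworkManagementClient
    from azure.mgmt.network.models import NetworkSecurityGroup, SecurityRule

    client = NetworkManagementClient(DefaultAzureCredential(), SUBSCRIPTION_ID)
    client.network_security_groups.begin_create_or_update(
        RESOURCE_GROUP, nsg_name, NetworkSecurityGroup(location=LOCATION)).result()
    for props in rules:
        client.security_rules.begin_create_or_update(
            RESOURCE_GROUP, nsg_name, props["name"], SecurityRule(**props)).result()
    return client.network_security_groups.get(RESOURCE_GROUP, nsg_name)


if __name__ == "__main__":
    rules = [
        rule_from_form("AllowHTTPS", 100, "Inbound", "Allow", "Tcp", dest_port="443"),
        rule_from_form("DenySSHFromInternet", 200, "Inbound", "Deny", "Tcp",
                       source="Internet", dest_port="22"),
    ]
    nsg = create_nsg_with_rules("nsg-web", rules)
    # Custom rules come back alongside the defaults; print them in processing order.
    for r in sorted(nsg.security_rules + nsg.default_security_rules, key=lambda r: r.priority):
        print(r.priority, r.direction, r.access, r.name)
```

The rules are created one at a time here for clarity; in practice, pass them all in NetworkSecurityGroup(security_rules=[...]) on the first call so the NSG never exists in an intermediate state, and attach it to a subnet or NIC only after the rules are in place.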

Support Srinivas Karnati by becoming a sponsor. Any amount is appreciated!