Network Security Group (NSG)

NSG protects Azure resources from Unauthorized Access.  In this post we can see the Features of Azure NSGs.

Capabilities

You can restrict Database Servers are only accessed from Application Servers thus protecting Legacy business data.

Rules can be configured to Allow access.

Rules can be configured to Deny access.

Restrictions can be set based on VNET

Flexibility

NSG offers the following flexibilities:

  • Automatically created along with Azure Resources
    • Inbound & Outbound rules are automatically created
      • eg: Port 3359 Allow Rune for VM
  • Reusability possible with multiple Azure Resources
    • Create an NSG for VM and reuse across multiple VMs
  • Tagging based restriction possible
    • eg: VirtualMachine, AppService etc.

Example

Create a VM > Observe NSG automatically created.

image

Try accessing the VM from Windows RDP. You should be able to login.

image

Delete the rule 3359.  Wait for 1 minute for the NSG rule to be reflected. Try login again.  You should be denied.

image

Note

Inbound Rules restricts Incoming Traffic requests to the device.

Outbound Rules restricts Outgoing Traffic requests from the device.

Summary

In this post we have explored the features of NSGs and performed a Test experiment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s