Network Security Groups In Azure

karnatisrinivas

Srinivas karnati

Posted on February 28, 2022

Network Security Group

An Azure Network Security Group (NSG) is a core component of Azure’s security. You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure Virtual Network (VNet).

A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Each rule in an NSG specifies the following properties:

| Rule | Property |
| --- | --- |
| Name | A unique name within the network security group. |
| Priority | A number between 100 and 4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Once traffic matches a rule, processing stops. As a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed. |
| Source/Destination | This setting defines the source or destination of the network traffic. It can be set to “Any” for traffic from anywhere, or you could lock it down to a single IP address or an IP range. |
| Protocol | TCP, UDP, ICMP, ESP, AH, or Any. |
| Direction | This setting defines the direction of the network traffic, and you can set it to either Inbound or Outbound. |
| Port Range | The port range setting describes the port or port range of the rule. You can specify a single port, e.g., 443, or a range of ports, e.g., 1000-2000. |
| Action | This setting defines what action needs to be done, "Allow" or "Deny". |

Default Security rules:

When you create an Azure NSG, Azure creates the following default rules in each network security group.

[Screenshot: default security rules]

Azure network security groups execute rules in order of priority, with lower-numbered priorities processed before higher numbers.
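The first-match processing described above can be modelled in a few lines. The following Python sketch is an added example, not code from the original post or from Azure: it evaluates a constructed inbound rule set in priority order and reports rules that can never fire because an earlier rule already covers all of their traffic (a generalisation of the "same attributes" case in the Priority description). Rule names and addresses are constructed, only `DenyAllInBound` at priority 65500 mirrors one of Azure's default rules, and service tags are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = evaluated first
    source: str     # IPv4 CIDR or "Any" (service tags are not modelled)
    ports: tuple    # inclusive (low, high) destination port range
    protocol: str   # "TCP", "UDP", "ICMP", ... or "Any"
    action: str     # "Allow" or "Deny"

    @property
    def net(self):
        return ipaddress.ip_network("0.0.0.0/0" if self.source == "Any" else self.source)

def matches(rule, src_ip, port, protocol):
    return (ipaddress.ip_address(src_ip) in rule.net
            and rule.ports[0] <= port <= rule.ports[1]
            and rule.protocol in ("Any", protocol))

def evaluate(rules, src_ip, port, protocol):
    """Return (rule name, action) of the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, port, protocol):
            return rule.name, rule.action
    return None, "Deny"  # not reached while a deny-all default is present

def shadowed(rules):
    """Map each rule that can never match to the earlier rule that covers it."""
    ordered = sorted(rules, key=lambda r: r.priority)
    hidden = {}
    for i, late in enumerate(ordered):
        for early in ordered[:i]:
            if (late.net.subnet_of(early.net)
                    and early.ports[0] <= late.ports[0]
                    and late.ports[1] <= early.ports[1]
                    and early.protocol in ("Any", late.protocol)):
                hidden[late.name] = early.name
                break
    return hidden

# Constructed inbound rules; the last one mirrors Azure's DenyAllInBound default.
RULES = [
    Rule("allow-https", 100, "Any", (443, 443), "TCP", "Allow"),
    Rule("deny-range", 200, "Any", (1000, 2000), "Any", "Deny"),
    Rule("allow-admin-1500", 300, "203.0.113.0/24", (1500, 1500), "TCP", "Allow"),
    Rule("DenyAllInBound", 65500, "Any", (0, 65535), "Any", "Deny"),
]
```

Here `allow-admin-1500` is reported as shadowed: traffic to port 1500 always hits `deny-range` at priority 200 first, so the intended allow never takes effect until its priority number is lowered below 200.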

Create a Network security group

  • On the Azure Portal, select Create a resource -> Networking -> Network Security Group
  • In the Create network security group page, under the Basics tab, set values for the following settings:

| Setting | Action |
| --- | --- |
| Subscription | Choose your subscription. |
| Resource group | Choose an existing resource group, or select Create new to create a new resource group. |
| Name | Enter a unique text string within a resource group. |
| Region | Choose the location you want. |

  • Select Review + create.
  • After you see the Validation passed message, select Create. To view your network security groups, search for and select Network security groups. The list of network security groups appears for your subscription.

Create a security rule

  • In the Azure Portal, search for and select Network security groups. Select the name of the network security group you want to add a security rule to. In the network security group's menu bar, choose Inbound security rules or Outbound security rules.
  • Select Add. Select or add values for the following settings, and then select OK:

[Screenshots: settings for adding a security rule]

*Source: MS Learn*
