Associating an NSG with a subnet – Securing Access to Virtual Networks



When deploying resources on virtual networks within Azure, the recommended practice from a security point of view is to allow only the traffic that is actually required. One of the free traffic-filtering solutions on the Azure platform is the network security group (NSG). NSG rules are evaluated in priority order and match traffic on the following five-tuple information:

• Source: Where the traffic is coming from. This can be set to Any, an IP address or IP address range, a service tag, or an application security group.

• Destination: The endpoint receiving the traffic. This can be set to Any, an IP address or IP address range, a service tag, or an application security group.

• Source port: The port or ports from which the traffic originates. This can be a single port such as port 80 or multiple ports such as 80 and 443.

• Destination port: The port or ports for which the traffic is destined. This can be a single port such as port 80 or multiple ports such as 80 and 443.

• Protocol: The protocol can be set to TCP, UDP, ICMP, or Any.

Based on the preceding configuration, the NSG rule can be configured to either block or allow traffic.

Important Note

NSGs can be associated at the subnet level or at the network interface (NIC) level.

Let’s look at how to create an NSG via the Azure portal and associate it with an existing subnet, using the following steps:

  1. Navigate to the Azure portal by opening a web browser and visiting https://portal.azure.com.
  2. In the left menu, select Create a resource, type network security group in the search bar, and then click Create:

Figure 15.1 – Azure Marketplace filtered for the NSG

  3. Next, select an existing subscription and resource group and give the NSG a name, such as Prod-NSG, and assign it to a region – in my case, I’m going to choose East US. Then, click on Review + create:

Figure 15.2 – Creating an NSG

  4. Once the validation has passed, click on Create. The resource will be created within a few minutes.

Now that we have successfully created our NSG, we are going to associate it at the subnet level, so that it applies to all resources in that subnet of a specific virtual network (VNet). To do this, let’s navigate to the overview page of the newly created NSG in Azure. It can be found under the All resources section.

  5. Under Settings on the NSG page, select the Subnets blade and click on + Associate:

Figure 15.3 – The Subnets blade

  6. Next, select an existing VNet – in my case, this will be Vnet-prod-US. Select an existing subnet – in my case, this will be prod-subnet. Then, click on Ok.
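The same outcome can be scripted with the Az PowerShell module, which is useful when the NSG must be reproducible across environments. The following is an added example, not code from the book: it builds one five-tuple rule from the fields described earlier, creates the NSG, associates it with an existing subnet, and then reads the association back to confirm it took effect. The resource group name, the subnet address prefix and the rule names are assumptions chosen to match the chapter's walkthrough; the VNet, subnet and NSG names are the ones used in the steps above.

```powershell
# Added example (not from the book). Requires the Az.Network module and an
# authenticated session (Connect-AzAccount). Names and prefixes are assumptions.
$rg       = 'rg-prod'          # assumed resource group
$location = 'eastus'
$nsgName  = 'Prod-NSG'
$vnetName = 'Vnet-prod-US'
$subnet   = 'prod-subnet'
$subnetPrefix = '10.0.1.0/24'  # assumed address space of prod-subnet

# Five-tuple rule: source (Internet service tag), source port (any),
# destination (the subnet range), destination port (443), protocol (TCP).
$allowHttps = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-Inbound' `
    -Description 'Allow TLS traffic to the subnet' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix Internet -SourcePortRange * `
    -DestinationAddressPrefix $subnetPrefix -DestinationPortRange 443

# Explicit deny at a low priority. The built-in DenyAllInBound rule already does
# this; a named rule makes the intent visible when the rule set is reviewed.
$denyAll = New-AzNetworkSecurityRuleConfig -Name 'Deny-All-Inbound' `
    -Access Deny -Protocol * -Direction Inbound -Priority 4000 `
    -SourceAddressPrefix * -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange *

# Create the NSG with both rules (steps 2 to 4 of the portal walkthrough).
$nsg = New-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rg `
    -Location $location -SecurityRules $allowHttps, $denyAll

# Associate the NSG with the subnet (steps 5 and 6). The subnet configuration is
# updated in the local VNet object and then written back with Set-AzVirtualNetwork.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet `
    -AddressPrefix $subnetPrefix -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Verify: the subnet should now reference the NSG's resource ID.
$associated = (Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg |
    Get-AzVirtualNetworkSubnetConfig -Name $subnet).NetworkSecurityGroup.Id
if ($associated -ne $nsg.Id) {
    throw "NSG association failed for subnet $subnet"
}
Write-Output "NSG $nsgName associated with $vnetName/$subnet"
```

The final lookup is the check worth keeping in any automation: the portal shows the association immediately, but a script should confirm that the subnet's NetworkSecurityGroup.Id matches the NSG it just created before moving on to resource deployment.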

In this demonstration, we covered what the purpose of NSGs is and how to create a new NSG via the Azure portal and assign it to an existing subnet.

In the next section, we are going to have a look at how to configure NSG rules.
