2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Shulou(Shulou.com)06/01 Report--
Previously, on Azure, users could configure an ACL on each VM endpoint for network security, but could not configure an ACL for an entire V-NET or define a group.
The Network Security Group (NSG) solves this problem: it can be used to control communication to one or more virtual machine (VM) instances in a virtual network. An NSG contains access control rules that allow or deny traffic to VM instances, and the rules of an NSG can be changed at any time.
Note:
NSG requires a regional VNet; NSG is not compatible with a VNet associated with an affinity group.
Only one NSG can be associated with a VM or subnet.
Currently, each NSG contains a maximum of 200 rules.
Currently, there are up to 100 NSGs per subscription.
1 Contents of a rule
Name: unique identifier of the rule
Type: inbound / outbound
Priority:
Source IP address: CIDR of the source IP range
Source port range:
Destination IP range: CIDR of the destination IP range
Destination port range:
Protocol:
Access: allow / deny
Default rules: every NSG has default rules, which cannot be deleted but have the lowest priority.
Inbound

| Name | Priority | Source IP | Source port | Destination IP | Destination port | Protocol | Access |
|---|---|---|---|---|---|---|---|
| Allow inbound VNET | 65000 | VIRTUAL_NETWORK | * | VIRTUAL_NETWORK | * | * | Allow |
| Allow inbound AZURE load balancer | 65001 | AZURE_LOADBALANCER | * | * | * | * | Allow |
| Deny all inbound | 65500 | * | * | * | * | * | Deny |
Outbound

| Name | Priority | Source IP | Source port | Destination IP | Destination port | Protocol | Access |
|---|---|---|---|---|---|---|---|
| Allow outbound VNET | 65000 | VIRTUAL_NETWORK | * | VIRTUAL_NETWORK | * | * | Allow |
| Allow outbound INTERNET | 65001 | * | * | INTERNET | * | * | Allow |
| Deny all outbound | 65500 | * | * | * | * | * | Deny |
2 Create and manage NSG
For NSG associations, there are the following situations:
If you associate an NSG to a VM, the network access rules in that NSG are applied directly to all traffic destined for the VM. If you associate an NSG to a subnet, the network access rules in the NSG are applied to all VMs in that subnet. If you associate two NSGs, one to the VM and one to the V-NET subnet where the VM is located, the VM receives double protection.
Every time a rule or association is modified, the change is applied within minutes.
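The default rules and the "double protection" of a subnet NSG plus a VM NSG can be checked with a small rule evaluator. This is an added example, not code from the article or from Azure: the VNet range, the load balancer source address, the mapping of tags to addresses and all function names are assumptions, and source ports are not modelled because every rule shown uses `*`.

```python
import ipaddress
from collections import namedtuple

VNET = ipaddress.ip_network("10.0.0.0/16")        # assumed VNet address space
LB_PROBE = ipaddress.ip_address("168.63.129.16")  # assumed load balancer source

Rule = namedtuple("Rule", "name priority src dst dst_port protocol action")

# Inbound default rules as listed in the table above (cannot be deleted).
DEFAULT_INBOUND = [
    Rule("Allow inbound VNET", 65000, "VIRTUAL_NETWORK", "VIRTUAL_NETWORK", "*", "*", "Allow"),
    Rule("Allow inbound AZURE load balancer", 65001, "AZURE_LOADBALANCER", "*", "*", "*", "Allow"),
    Rule("Deny all inbound", 65500, "*", "*", "*", "*", "Deny"),
]
# The WEB rule created in section 2.2 of the article.
WEB = Rule("WEB", 100, "INTERNET", "*", "80", "TCP", "Allow")

def addr_match(spec, ip):
    """Match an address against '*', a default tag, or a CIDR."""
    ip = ipaddress.ip_address(ip)
    if spec == "*":
        return True
    if spec == "VIRTUAL_NETWORK":
        return ip in VNET
    if spec == "AZURE_LOADBALANCER":
        return ip == LB_PROBE
    if spec == "INTERNET":
        return ip not in VNET and ip != LB_PROBE
    return ip in ipaddress.ip_network(spec)

def port_match(spec, port):
    """Match a port against '*', a single port, or a 'low-high' range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(custom_rules, src, dst, port, proto):
    """Return (action, rule name) of the first match, lowest priority number first."""
    for r in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (addr_match(r.src, src) and addr_match(r.dst, dst)
                and port_match(r.dst_port, port) and r.protocol in ("*", proto)):
            return r.action, r.name

def effective(subnet_nsg, vm_nsg, src, dst, port, proto):
    """Inbound traffic must be allowed by the subnet NSG and by the VM NSG."""
    return all(evaluate(nsg, src, dst, port, proto)[0] == "Allow"
               for nsg in (subnet_nsg, vm_nsg))
```

With no custom rules, `evaluate([], "10.0.2.9", "10.0.1.4", 3389, "TCP")` is allowed by the default rule at priority 65000, so restricting traffic between VMs in the same VNet needs an explicit Deny rule with a lower priority number.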
2.1 Program NSG
Create and associate NSG to VM
1. Create a network security group (NSG).
2. Add network security rules unless the default rules are sufficient to meet your needs.
3. Associate the NSG to the VM.
4. Update VM.
5. After the update, the NSG rule takes effect immediately.
Update an existing NSG
1. Add, delete, or update rules in an existing NSG.
2. All VMs associated with the NSG will be updated within minutes. If the NSG is already associated with a VM, no VM update is required.
Change NSG association
1. Associate a new NSG to a VM that is already associated with another NSG.
2. Update VM.
3. The rules in the new NSG will take effect in minutes.
2.2 Configure NSG
Currently, only PowerShell cmdlets and the REST API can be used to configure and modify NSG.
Create a network security group
New-AzureNetworkSecurityGroup -Name "MyNSG01" -Location "China East" -Label "Security group for my Vnet in China East"
Add or update rules
Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Set-AzureNetworkSecurityRule -Name WEB -Type Inbound -Priority 100 -Action Allow -SourceAddressPrefix 'INTERNET' -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '80' -Protocol TCP
Delete a rule
Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Remove-AzureNetworkSecurityRule -Name WEB
Associate NSG to VM
Get-AzureVM -ServiceName "ngcloud" -Name "ngvm01" | Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "MyNSG01" | Update-AzureVM
Remove NSG from VM
Get-AzureVM -ServiceName "ngcloud" -Name "ngvm01" | Remove-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "MyNSG01" | Update-AzureVM
Associate an NSG to a subnet
Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Set-AzureNetworkSecurityGroupToSubnet -VirtualNetworkName 'ngtest-network' -SubnetName 'Subnet-1'
Existing V-NET and subnet
Association
View the associated results
Remove NSG from subnet
Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Remove-AzureNetworkSecurityGroupFromSubnet -VirtualNetworkName 'ngtest-network' -SubnetName 'Subnet-1'
View the results again
Delete NSG
Remove-AzureNetworkSecurityGroup -Name "MyNSG01"