
Azure NSG (Security Group)

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--


Previously, for network security on Azure, users could configure an ACL on each VM endpoint themselves, but could not configure an ACL for an entire V-NET or define a group.

The Network Security Group (NSG) solves this problem: it can be used to control communication to one or more virtual machine (VM) instances in a virtual network. An NSG contains access control rules that allow or deny traffic to VM instances, and the rules of an NSG can be changed at any time.

Note:

NSG requires a regional VNet; NSG is not compatible with a VNet associated with an affinity group.

Only one NSG can be associated with a VM or subnet.

Currently, each NSG contains a maximum of 200 rules.

Currently, there are up to 100 NSGs per subscription.

1 Contents of a rule

Name: unique identifier of the rule

Type: inbound / outbound

Priority:

Source IP address: CIDR of the source IP range

Source port range:

Destination IP range: CIDR of the destination IP range

Destination port range:

Protocol:

Access: allow / deny

Default rules: every NSG has default rules, which cannot be deleted but have the lowest priority.

Inbound

| Name | Priority | Source IP | Source port | Destination IP | Destination port | Protocol | Access |
|---|---|---|---|---|---|---|---|
| Allow inbound VNET | 65000 | VIRTUAL_NETWORK | * | VIRTUAL_NETWORK | * | * | Allow |
| Allow inbound AZURE load balancer | 65001 | AZURE_LOADBALANCER | * | * | * | * | Allow |
| Deny all inbound | 65500 | * | * | * | * | * | Deny |

Outbound

| Name | Priority | Source IP | Source port | Destination IP | Destination port | Protocol | Access |
|---|---|---|---|---|---|---|---|
| Allow outbound VNET | 65000 | VIRTUAL_NETWORK | * | VIRTUAL_NETWORK | * | * | Allow |
| Allow outbound INTERNET | 65001 | * | * | INTERNET | * | * | Allow |
| Deny all outbound | 65500 | * | * | * | * | * | Deny |

2 Create and manage NSG

An NSG can be associated in the following ways:

If you associate an NSG with a VM, the network access rules in that NSG are applied directly to all traffic destined for the VM. If you associate an NSG with a subnet, the network access rules in the NSG are applied to all VMs in that subnet. If you associate two NSGs, one with the VM and one with the V-NET subnet where the VM is located, the VM receives double protection.

Every time a rule or association is modified, the change takes effect within minutes.
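The following is an added example, not code from the original article: an offline PowerShell model of how the default rules, rule priority and the "double protection" of a subnet NSG plus a VM NSG combine for inbound traffic. The function names (New-Rule, Test-Field, Test-Port, Get-NsgVerdict, Test-InboundToVm) are hypothetical, and the model assumes that the lowest priority number wins, that inbound traffic is checked by the subnet NSG and then the VM NSG, and that addresses are compared by tag name only (no CIDR matching).

```powershell
# Added example: offline model of NSG rule evaluation. Constructed data, no Azure calls.
function New-Rule($Name, $Type, [int]$Priority, $Action, $Src, $Dst, $DstPort, $Protocol) {
    [pscustomobject]@{ Name = $Name; Type = $Type; Priority = $Priority; Action = $Action
                       Src = $Src; Dst = $Dst; DstPort = $DstPort; Protocol = $Protocol }
}

# Default rules as listed in the article's tables; they are part of every NSG.
$DefaultRules = @(
    New-Rule 'Allow inbound VNET'  'Inbound'  65000 'Allow' 'VIRTUAL_NETWORK' 'VIRTUAL_NETWORK' '*' '*'
    New-Rule 'Allow inbound AZURE load balancer' 'Inbound' 65001 'Allow' 'AZURE_LOADBALANCER' '*' '*' '*'
    New-Rule 'Deny all inbound'    'Inbound'  65500 'Deny'  '*' '*' '*' '*'
    New-Rule 'Allow outbound VNET' 'Outbound' 65000 'Allow' 'VIRTUAL_NETWORK' 'VIRTUAL_NETWORK' '*' '*'
    New-Rule 'Allow outbound INTERNET' 'Outbound' 65001 'Allow' '*' 'INTERNET' '*' '*'
    New-Rule 'Deny all outbound'   'Outbound' 65500 'Deny'  '*' '*' '*' '*'
)

# '*' matches anything; otherwise the tag or protocol name must be equal.
function Test-Field($RuleValue, $Actual) { $RuleValue -eq '*' -or $RuleValue -eq $Actual }

# Port ranges: '*', a single port ('80') or a range ('1000-2000').
function Test-Port($Range, [int]$Port) {
    if ($Range -eq '*') { return $true }
    $lo, $hi = "$Range" -split '-'
    if ($null -eq $hi) { $hi = $lo }
    return ($Port -ge [int]$lo -and $Port -le [int]$hi)
}

# Returns the matching rule with the lowest priority number (custom rules + defaults).
function Get-NsgVerdict($Rules, $Type, $Src, $Dst, [int]$Port, $Protocol) {
    (@($Rules) + $DefaultRules) |
        Where-Object { $_.Type -eq $Type -and (Test-Field $_.Src $Src) -and
                       (Test-Field $_.Dst $Dst) -and (Test-Port $_.DstPort $Port) -and
                       (Test-Field $_.Protocol $Protocol) } |
        Sort-Object Priority | Select-Object -First 1
}

# Inbound traffic must be allowed by every associated NSG: subnet first, then VM.
function Test-InboundToVm($SubnetNsg, $VmNsg, $Src, [int]$Port, $Protocol) {
    foreach ($nsg in @($SubnetNsg, $VmNsg)) {
        if ($null -eq $nsg) { continue }          # $null = no NSG associated at this layer
        $hit = Get-NsgVerdict $nsg 'Inbound' $Src 'VIRTUAL_NETWORK' $Port $Protocol
        if ($hit.Action -ne 'Allow') { return "Deny ($($hit.Name))" }
    }
    return 'Allow'
}

$web = @(New-Rule 'WEB' 'Inbound' 100 'Allow' 'INTERNET' '*' '80' 'TCP')  # same shape as the WEB rule below
Test-InboundToVm $web @()  'INTERNET' 80 'TCP'   # subnet NSG has WEB, VM NSG has defaults only
Test-InboundToVm $web $web 'INTERNET' 80 'TCP'   # WEB present in both NSGs
Test-InboundToVm $web $web 'INTERNET' 22 'TCP'   # no custom rule covers port 22
```

The first call is the case worth noting when planning double protection: a VM NSG that carries only the default rules still denies Internet traffic that the subnet NSG allowed, so an allow rule has to exist at both layers.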

2.1 Program NSG

Create and associate NSG to VM

1. Create a network security group (NSG).

2. Add network security rules unless the default rules are sufficient to meet your needs.

3. Associate the NSG to the VM.

4. Update the VM.

5. After the update, the NSG rules take effect immediately.

Update an existing NSG

1. Add, delete, or update rules in an existing NSG.

2. All VMs associated with the NSG will be updated within minutes. If the NSG is already associated with a VM, no VM update is required.

Change NSG association

1. Associate a new NSG to a VM that is already associated with another NSG.

2. Update the VM.

3. The rules in the new NSG will take effect within minutes.

2.2 Configure NSG

Currently, NSGs can be configured and modified only with PowerShell cmdlets and the REST API.

Create a network security group

New-AzureNetworkSecurityGroup -Name "MyNSG01" -Location "China East" -Label "Security group for my Vnet in China East"

Add or update rules

Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Set-AzureNetworkSecurityRule -Name WEB -Type Inbound -Priority 100 -Action Allow -SourceAddressPrefix 'INTERNET' -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '80' -Protocol TCP

Delete a rule

Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Remove-AzureNetworkSecurityRule -Name WEB

Associate NSG to VM

Get-AzureVM -ServiceName "ngcloud" -Name "ngvm01" | Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "MyNSG01" | Update-AzureVM

Remove NSG from VM

Get-AzureVM -ServiceName "ngcloud" -Name "ngvm01" | Remove-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "MyNSG01" | Update-AzureVM

Associate an NSG to a subnet

Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Set-AzureNetworkSecurityGroupToSubnet -VirtualNetworkName 'ngtest-network' -SubnetName 'Subnet-1'

Existing V-NET and subnet

Association

View the associated results

Delete NSG from subnet

Get-AzureNetworkSecurityGroup -Name "MyNSG01" | Remove-AzureNetworkSecurityGroupFromSubnet -VirtualNetworkName 'ngtest-network' -SubnetName 'Subnet-1'

View the results again

Delete NSG

Remove-AzureNetworkSecurityGroup -Name "MyNSG01"
