Network Security Group (NSG) is the main Azure resource that you need to use to control network traffic. Like as firewall in on premise networks, Azure NSG provides you ideal way to create and manage Access Control Lists (ACLs) for your virtual network. NSG can be assign on NIC level or subnet level inside virtual network, but whenever you want to assign your NSG, process of creating and configuring is same.
In this post, I’ll show you how you can create NSG with one simple rule that allows access to your Windows VM over RDP.
In Azure portal, you need to click to Create a resource in left menu and select Network security group. As you can see on image bellow, you just need to define name, resource group and location.
Once NSG is created, you will be able to se only 3 inbound and 3 outbound default rules, that cannot be removed.
Those rules cannot help you to establish or restrict connection between VMs or services, so you need to create custom rules. As I mentioned earlier, I will create one simple rule, that will allow access to Windows virtual machines over RDP, but only from specific IP address.
If you want to do that using Azure PowerShell, you just need to run following script.
# Define Parameters $Location = "North Europe" $ResourceGroup = "TechTrainerRG" $NsgName = "TechTrainerNSG" # Create NSG rule $nsgRule = New-AzNetworkSecurityRuleConfig -Name 'allow-vm-access' -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix '184.108.40.206' -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow # Create NSG with predefine rule New-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Location $location -Name $nsgName -SecurityRules $nsgRule
At the end, you should have configured rule 🙂