[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Azure network security group

Posted on 2016-11-09
2
Medium Priority
?
79 Views
Last Modified: 2016-11-10
Question about inbound rules on network security group.  I have 22 network ranges so does this mean I have to add 22 separate (same port) inbound rules for each CIDR block I want to allow in?
0
Comment
Question by:stlhost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 41881439
You should have the NSG rule to cover the subnet ranges for the inbound traffic. In fact, it depends on how you create the label for each NSG, you will need to have rule applies across each NSG.

For example, first a Network Security Group must be built to hold the rules:

New-AzureNetworkSecurityGroup -Name $NSGName `
    -Location $DeploymentLocation `
    -Label "Security group for $VNetName subnets in $DeploymentLocation"

Once the NSG is done, you can have rule applies to NSG according to the subnets for inboung traffic. You repeat for other NSG if any.

For example, this rule will allow RDP traffic to flow from the internet to the RDP port on any server on either subnet in the VNET. This rule uses two special types of address prefixes; “VIRTUAL_NETWORK” and “INTERNET”. This is an easy way to address a larger category of address prefixes.

Get-AzureNetworkSecurityGroup -Name $NSGName | `
    Set-AzureNetworkSecurityRule -Name "Enable RDP to $VNetName VNet" `
    -Type Inbound -Priority 110 -Action Allow `
    -SourceAddressPrefix INTERNET -SourcePortRange '*' `
    -DestinationAddressPrefix VIRTUAL_NETWORK `
    -DestinationPortRange '3389' `
    -Protocol *

See this for a complete example.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-dmz-nsg-asm/
0
 
LVL 2

Author Closing Comment

by:stlhost
ID: 41882089
Thank you I was looking for this.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft has changed the look and feel of Azure AD and Microsoft account sign-in pages so that you will have a more unified look and feel when moving between the two interfaces.
Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question