Azure network security group

Posted on 2016-11-09
Last Modified: 2016-11-10
Question about inbound rules on network security group.  I have 22 network ranges so does this mean I have to add 22 separate (same port) inbound rules for each CIDR block I want to allow in?
Question by:stlhost
Accepted Solution

by:
btan earned 2000 total points
ID: 41881439
You should have the NSG rule cover the subnet ranges for the inbound traffic. In fact, it depends on how you create the label for each NSG; you will need to have the rule applied across each NSG.

For example, first a Network Security Group must be built to hold the rules:

New-AzureNetworkSecurityGroup -Name $NSGName `
    -Location $DeploymentLocation `
    -Label "Security group for $VNetName subnets in $DeploymentLocation"

Once the NSG is done, you can have rules applied to the NSG according to the subnets for inbound traffic. Repeat for other NSGs, if any.

For example, this rule will allow RDP traffic to flow from the internet to the RDP port on any server on either subnet in the VNET. This rule uses two special types of address prefixes: “VIRTUAL_NETWORK” and “INTERNET”. This is an easy way to address a larger category of address prefixes.

Get-AzureNetworkSecurityGroup -Name $NSGName | `
    Set-AzureNetworkSecurityRule -Name "Enable RDP to $VNetName VNet" `
    -Type Inbound -Priority 110 -Action Allow `
    -SourceAddressPrefix INTERNET -SourcePortRange '*' `
    -DestinationAddressPrefix VIRTUAL_NETWORK `
    -DestinationPortRange '3389' `
    -Protocol *

See this for a complete example.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-dmz-nsg-asm/
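
For the 22-range case in the question, the following is an added example (not part of the answer above and not Microsoft's code) that loops over a CIDR list and creates one inbound rule per range with the same classic cmdlets and parameters. It assumes each rule takes a single source prefix, as in the rule shown above; the NSG name, port, priorities and CIDR values are constructed placeholders.

```powershell
# Added example: one inbound allow rule per source CIDR, classic (ASM) cmdlets.
# Assumption: each rule takes a single -SourceAddressPrefix, as in the rule above.
$NSGName       = 'MyNSG'   # placeholder: name of an existing NSG
$Port          = '443'     # constructed sample: the one port to open
$StartPriority = 200       # constructed sample: first priority to use
$Step          = 10        # gap left between rules for later inserts

# Constructed sample list (documentation ranges); put the 22 real ranges here.
$AllowedCidrs = @('203.0.113.0/24', '198.51.100.0/25', '192.0.2.16/28')

function Test-Ipv4Cidr {
    param([string]$Cidr)
    $parts = $Cidr -split '/'
    if ($parts.Count -ne 2) { return $false }
    if ($parts[0] -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($parts[0], [ref]$ip)) { return $false }
    $len = 0
    if (-not [int]::TryParse($parts[1], [ref]$len)) { return $false }
    return ($len -ge 0 -and $len -le 32)
}

# Refuse to touch the NSG if any entry is malformed or duplicated.
$bad = @($AllowedCidrs | Where-Object { -not (Test-Ipv4Cidr $_) })
if ($bad.Count -gt 0) { throw "Invalid CIDR entries: $($bad -join ', ')" }
$dupes = @($AllowedCidrs | Group-Object | Where-Object { $_.Count -gt 1 })
if ($dupes.Count -gt 0) { throw "Duplicate CIDR entries: $($dupes.Name -join ', ')" }

# NSG priorities must be unique per direction and lie between 100 and 4096.
$lastPriority = $StartPriority + $Step * ($AllowedCidrs.Count - 1)
if ($StartPriority -lt 100 -or $lastPriority -gt 4096) {
    throw "Priorities $StartPriority..$lastPriority fall outside 100-4096"
}

$priority = $StartPriority
foreach ($cidr in $AllowedCidrs) {
    $ruleName = "Allow-$Port-from-" + ($cidr -replace '[./]', '-')
    Get-AzureNetworkSecurityGroup -Name $NSGName |
        Set-AzureNetworkSecurityRule -Name $ruleName `
        -Type Inbound -Priority $priority -Action Allow `
        -SourceAddressPrefix $cidr -SourcePortRange '*' `
        -DestinationAddressPrefix VIRTUAL_NETWORK `
        -DestinationPortRange $Port `
        -Protocol TCP | Out-Null
    $priority += $Step
}
```

Pick a starting priority that does not collide with rules already in the NSG, and keep the list in source control so the allowed ranges can be reviewed.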
Author Closing Comment

by:stlhost
ID: 41882089
Thank you I was looking for this.