Azure network security group

Posted on 2016-11-09
Last Modified: 2016-11-10
Question about inbound rules on a network security group. I have 22 network ranges, so does this mean I have to add 22 separate (same port) inbound rules, one for each CIDR block I want to allow in?
Question by:stlhost

Accepted Solution

by:
btan earned 500 total points
ID: 41881439
You should have the NSG rule cover the subnet ranges for the inbound traffic. In fact, it depends on how you create the label for each NSG; you will need to have the rule applied across each NSG.

For example, first a Network Security Group must be built to hold the rules:

New-AzureNetworkSecurityGroup -Name $NSGName `
    -Location $DeploymentLocation `
    -Label "Security group for $VNetName subnets in $DeploymentLocation"

Once the NSG is done, you can have rules applied to the NSG according to the subnets for inbound traffic. Repeat for other NSGs, if any.

For example, this rule will allow RDP traffic to flow from the internet to the RDP port on any server on either subnet in the VNET. This rule uses two special types of address prefixes; “VIRTUAL_NETWORK” and “INTERNET”. This is an easy way to address a larger category of address prefixes.

Get-AzureNetworkSecurityGroup -Name $NSGName | `
    Set-AzureNetworkSecurityRule -Name "Enable RDP to $VNetName VNet" `
    -Type Inbound -Priority 110 -Action Allow `
    -SourceAddressPrefix INTERNET -SourcePortRange '*' `
    -DestinationAddressPrefix VIRTUAL_NETWORK `
    -DestinationPortRange '3389' `
    -Protocol *

See this for a complete example.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-dmz-nsg-asm/
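
Added example, not part of the original answer: with the classic cmdlets shown above, `-SourceAddressPrefix` takes one prefix per rule, so a list of CIDR blocks for the same port can be turned into one rule each by a loop instead of by hand. The ranges, port, starting priority, and the helper name `Get-AllowRuleSpec` are assumptions made for illustration; `$NSGName` is the variable from the answer.

```powershell
# Added example. Assumes the classic (ASM) Azure module from the answer is
# loaded and $NSGName names an existing NSG.
# Constructed sample ranges (documentation prefixes), not from the question.
$AllowedRanges = @('192.0.2.0/24', '198.51.100.0/24', '203.0.113.0/25')
$Port          = '443'   # assumed port; the question does not name one

# Hypothetical helper: validates each block and assigns a unique priority.
function Get-AllowRuleSpec {
    param(
        [Parameter(Mandatory)][string[]]$Ranges,
        [Parameter(Mandatory)][string]$Port,
        [int]$BasePriority = 200,   # assumed start; NSG priorities are 100-4096
        [int]$Step = 10             # gaps leave room for later rules
    )
    $priority = $BasePriority
    foreach ($cidr in ($Ranges | Sort-Object -Unique)) {
        $addr, $len = $cidr -split '/', 2
        $ip = $null
        # Reject typos and a /0 catch-all before anything reaches the NSG.
        if (-not ([System.Net.IPAddress]::TryParse($addr, [ref]$ip)) -or
            $ip.AddressFamily -ne 'InterNetwork' -or
            $len -notmatch '^\d+$' -or [int]$len -lt 1 -or [int]$len -gt 32) {
            throw "Not a usable IPv4 CIDR block: $cidr"
        }
        if ($priority -gt 4096) { throw "Ran out of NSG priorities at $cidr" }
        [pscustomobject]@{
            Name     = "Allow $Port from $($cidr -replace '/', '_')"
            Source   = $cidr
            Priority = $priority
        }
        $priority += $Step
    }
}

# Build the full list first so a bad entry stops the run before any rule is set.
$rules = @(Get-AllowRuleSpec -Ranges $AllowedRanges -Port $Port)

$nsg = Get-AzureNetworkSecurityGroup -Name $NSGName
foreach ($rule in $rules) {
    $nsg | Set-AzureNetworkSecurityRule -Name $rule.Name `
        -Type Inbound -Priority $rule.Priority -Action Allow `
        -SourceAddressPrefix $rule.Source -SourcePortRange '*' `
        -DestinationAddressPrefix VIRTUAL_NETWORK `
        -DestinationPortRange $Port -Protocol TCP | Out-Null
}
```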

Author Closing Comment

by:stlhost
ID: 41882089
Thank you I was looking for this.