Solved

Azure network security group

Posted on 2016-11-09
2
35 Views
Last Modified: 2016-11-10
Question about inbound rules on network security group.  I have 22 network ranges so does this mean I have to add 22 separate (same port) inbound rules for each CIDR block I want to allow in?
0
Comment
Question by:stlhost
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 41881439
You should have the NSG rule to cover the subnet ranges for the inbound traffic. In fact, it depends on how you create the label for each NSG, you will need to have rule applies across each NSG.

For example, first a Network Security Group must be built to hold the rules:

New-AzureNetworkSecurityGroup -Name $NSGName `
    -Location $DeploymentLocation `
    -Label "Security group for $VNetName subnets in $DeploymentLocation"

Once the NSG is done, you can have rule applies to NSG according to the subnets for inboung traffic. You repeat for other NSG if any.

For example, this rule will allow RDP traffic to flow from the internet to the RDP port on any server on either subnet in the VNET. This rule uses two special types of address prefixes; “VIRTUAL_NETWORK” and “INTERNET”. This is an easy way to address a larger category of address prefixes.

Get-AzureNetworkSecurityGroup -Name $NSGName | `
    Set-AzureNetworkSecurityRule -Name "Enable RDP to $VNetName VNet" `
    -Type Inbound -Priority 110 -Action Allow `
    -SourceAddressPrefix INTERNET -SourcePortRange '*' `
    -DestinationAddressPrefix VIRTUAL_NETWORK `
    -DestinationPortRange '3389' `
    -Protocol *

See this for a complete example.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-dmz-nsg-asm/
0
 
LVL 2

Author Closing Comment

by:stlhost
ID: 41882089
Thank you I was looking for this.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now