Forum Discussion
nabi04
Jan 07, 2021 - Brass Contributor
Azure NSG insecure inbound/Outbound access rules
Hello all, my Azure subscription has security groups that allow unrestricted inbound or outbound access on port and protocol combinations. Allowing unrestricted inbound/ingress or outbound/egress acc...
ChrisBradshaw
Jan 07, 2021 - Iron Contributor
@nabi04 Typically I would use specific rules for specific resources in NSG rules, rather than a blanket policy.
For example, your web server for "Application A" might want to accept incoming traffic from your AppGateway on port 443, and be able to talk to the database server for "Application A" on 1433. In contrast, the web server for "Application B" would have different rules because you don't want it to talk to the database server for "Application A".
The NSGs do come with default "allow all" rules, and these can be turned off by putting a "Deny All" at the bottom of your custom list of rules, at a low priority (4,096). For example:
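Added example (not part of the original reply, and not Microsoft's code): a Python check over an NSG's rule list that flags Allow rules open to any address and reports which directions lack a catch-all Deny at priority 4096. The sample rules and IP addresses are constructed, and the field names assume the shape of the `securityRules` array in `az network nsg show` output.

```python
import json

# Constructed sample, shaped like the "securityRules" array of `az network nsg show` (assumption).
SAMPLE_RULES = json.loads("""[
 {"name":"AllowAppGw443","priority":100,"direction":"Inbound","access":"Allow","protocol":"Tcp",
  "sourceAddressPrefix":"10.0.1.0/24","destinationAddressPrefix":"10.0.2.4","destinationPortRange":"443"},
 {"name":"AllowSqlToDbA","priority":110,"direction":"Outbound","access":"Allow","protocol":"Tcp",
  "sourceAddressPrefix":"10.0.2.4","destinationAddressPrefix":"10.0.3.4","destinationPortRange":"1433"},
 {"name":"AllowRdpAny","priority":200,"direction":"Inbound","access":"Allow","protocol":"Tcp",
  "sourceAddressPrefix":"*","destinationAddressPrefix":"*","destinationPortRange":"3389"},
 {"name":"DenyAllInbound","priority":4096,"direction":"Inbound","access":"Deny","protocol":"*",
  "sourceAddressPrefix":"*","destinationAddressPrefix":"*","destinationPortRange":"*"}
]""")

ANY = {"*", "0.0.0.0/0", "internet"}  # values that mean "any address"

def _values(rule, single, plural):
    """Collect a field that Azure stores either as one value or as a list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return [v.lower() for v in vals]

def remote_side(rule):
    """Inbound rules are judged by source, outbound rules by destination."""
    key = "source" if rule["direction"] == "Inbound" else "destination"
    return _values(rule, key + "AddressPrefix", key + "AddressPrefixes")

def unrestricted_allows(rules):
    """Names of Allow rules whose remote side is any address."""
    return [r["name"] for r in rules
            if r["access"] == "Allow" and ANY & set(remote_side(r))]

def missing_deny_all(rules):
    """Directions with no custom catch-all Deny rule at the lowest priority (4096)."""
    missing = []
    for direction in ("Inbound", "Outbound"):
        found = any(r["direction"] == direction and r["access"] == "Deny"
                    and r["priority"] == 4096 and r["protocol"] == "*"
                    and ANY & set(remote_side(r))
                    and "*" in _values(r, "destinationPortRange", "destinationPortRanges")
                    for r in rules)
        if not found:
            missing.append(direction)
    return missing

if __name__ == "__main__":
    print("unrestricted:", unrestricted_allows(SAMPLE_RULES))
    print("no deny-all:", missing_deny_all(SAMPLE_RULES))
```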