Forum Discussion

kellybush's avatar
kellybush
Copper Contributor
Jul 01, 2020

MS Guidance on NSGs on NICs vs on Subnets

I'm looking for any MS best practices around NSGs on network cards and I can't seem to find any.  I've found the NSG best practices but I haven't found any on if it's best practice to have NSGs on ju...
best practices
nsg
security
Rolf-42's avatar
Rolf-42
Iron Contributor
Jul 03, 2020

kellybush Normally you will get the typical consultancy answer which is: It depends.
Joke aside. What I normally try to find is common rules the systems need. If several systems in a subnet need the same ruleset I would put the NSG on the subnet. If it is just one special system and the the rules should not apply to every other system in the same subnet the NSG goes to the NIC.
Just be careful when you want to use it on both levels, NIC and subnet (one on each NIC and a 2nd NSG on the subnet). The rules tend to accumulate on the NSG attached to the subnet because of the various requirements of the systems within the subnet. Can get a little bit messy when you have a lot of different rules for many different systems. After all a NSG is not a firewall.
I hope that helps
Cheers

Rolf

#MCT #LearnWithRolf #TheCloud42

Resources