Forum Discussion
miksingh
Nov 15, 2021 (Copper Contributor)
VM with two NICs
Hi, I have a use case for Azure VMs to separate management and application traffic. So in effect, one NIC for management and another for application. The application VMs would reside on VNET-A an...
Kidd_Ip
Oct 15, 2025 (MVP)
You can still separate management and application traffic securely using these approaches:
- Use Subnets Within the Same VNet
  - Create VNet-A with:
    - Subnet-1 for application traffic
    - Subnet-2 for management traffic
  - Attach each NIC to a different subnet
  - Apply Network Security Groups (NSGs) to isolate traffic
- Use VNet Peering
  - Keep VNet-A and VNet-B separate
  - Peer them together
  - Deploy a network virtual appliance (NVA) or firewall to route and inspect traffic between NICs
- Use Azure Firewall or NVA
  - Insert a firewall between subnets or VNets
  - Control traffic flow with rules and route tables
  - This gives you granular control over what management traffic can reach application VMs
- Use Private Endpoints or Bastion
  - For management access, use Azure Bastion or Private Endpoints
  - Avoid direct NIC exposure and reduce attack surface
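
Added example (not part of Kidd_Ip's reply): the first approach above, two subnets in one VNet with a NIC in each and an NSG per subnet, written as an Azure CLI script. Resource names, address ranges, ports, image and VM size are assumptions; the script prints the commands unless it is run with `apply`.

```shell
#!/usr/bin/env bash
# Added example: resource names, address ranges, ports and VM size are assumptions.
set -eu
RG=rg-twonic; LOC=westeurope; VNET=vnet-a
ADMIN_SRC=203.0.113.0/24    # constructed admin source range
CLIENT_SRC=198.51.100.0/24  # constructed application client range

# Dry run by default: print each az command. Pass "apply" to execute them.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Allow one TCP port from one source, then deny everything else from the VNet.
# Without the deny, the default AllowVnetInBound rule (priority 65000) lets the
# two subnets reach each other freely.
nsg_rules() {  # $1 = NSG name, $2 = port, $3 = allowed source prefix
  run az network nsg create -g "$RG" -n "$1"
  run az network nsg rule create -g "$RG" --nsg-name "$1" -n allow-in \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$3" --destination-port-ranges "$2"
  run az network nsg rule create -g "$RG" --nsg-name "$1" -n deny-vnet \
    --priority 4000 --direction Inbound --access Deny --protocol '*' \
    --source-address-prefixes VirtualNetwork --destination-port-ranges '*'
}

subnet_and_nic() {  # $1 = tier (app|mgmt), $2 = subnet prefix
  run az network vnet subnet create -g "$RG" --vnet-name "$VNET" -n "snet-$1" \
    --address-prefixes "$2" --network-security-group "nsg-$1"
  run az network nic create -g "$RG" -n "nic-$1" --vnet-name "$VNET" --subnet "snet-$1"
}

deploy() {
  run az group create -n "$RG" -l "$LOC"
  run az network vnet create -g "$RG" -n "$VNET" --address-prefixes 10.10.0.0/16
  nsg_rules nsg-app 443 "$CLIENT_SRC"
  nsg_rules nsg-mgmt 22 "$ADMIN_SRC"
  subnet_and_nic app 10.10.1.0/24
  subnet_and_nic mgmt 10.10.2.0/24
  # The first NIC listed becomes the primary; the VM size must support two NICs.
  run az vm create -g "$RG" -n vm-app01 --image Ubuntu2204 --size Standard_D2s_v3 \
    --nics nic-app nic-mgmt --admin-username azureuser --generate-ssh-keys
}

if [ "${1:-}" = apply ]; then DRY_RUN=0; fi
deploy
```

The `VirtualNetwork` tag in the deny rule also covers peered VNets and connected on-premises ranges, so any such source that needs access must get its own allow rule at a lower priority number than 4000.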