Forum Discussion
gzygadlo
May 19, 2019 (Brass Contributor)
Network Security Groups
After looking at Azure Security Center recommendations that not all my VMs have NSGs and probably a policy I need to create requiring it. On the ones that do created there are three rules that are...
- May 20, 2019
Hi,
Take a look at my blog post:
http://cloudblogger.at/2019/05/11/azure-loadbalancer-acl-rules/
The last rule will take effect when you have a public IP (VM, LB, ...).
If you want to drop any traffic to the IP, you have to define a separate drop rule with the priority 4096, but keep in mind that when you drop ANY you cannot create a load balancer, because the health checks will also be dropped.
If the Azure NSGs don't fit your requirements, you can use an Azure Firewall or a third-party application like CheckPoint, Cisco ASA, ...
Regards,
Hannes
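The effect described in the reply above, as an added example that is not part of the original post: a simplified Python model of inbound NSG evaluation (lowest priority number first, first match decides) using Azure's three default inbound rules. The custom rule names and ports are hypothetical, service tags are modeled as plain strings, and the third rule set, which places an explicit allow for the AzureLoadBalancer service tag ahead of the deny, is an addition beyond what the post describes.

```python
# Added example: simplified model of inbound NSG rule evaluation.
# Rules are processed in ascending priority number; the first match decides.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str   # service tag or "*" (simplification: no CIDR matching)
    port: str     # single port as a string, or "*"
    action: str   # "Allow" or "Deny"

# Default inbound rules that Azure adds to every NSG.
DEFAULT_RULES = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

def evaluate(custom_rules, source, port):
    """Return (action, rule name) of the first rule matching the flow."""
    for rule in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if rule.source in ("*", source) and rule.port in ("*", str(port)):
            return rule.action, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")

# Constructed rule sets (names and ports are hypothetical).
ALLOW_HTTPS = Rule(100, "AllowHttpsFromInternet", "Internet", "443", "Allow")
DENY_ANY = Rule(4096, "DenyAnyInBound", "*", "*", "Deny")
ALLOW_PROBE = Rule(4095, "AllowLbProbe", "AzureLoadBalancer", "*", "Allow")

DROP_ALL = [ALLOW_HTTPS, DENY_ANY]                        # probes shadowed by 4096
DROP_ALL_KEEP_PROBE = [ALLOW_HTTPS, ALLOW_PROBE, DENY_ANY]  # probes matched at 4095

if __name__ == "__main__":
    flows = [("AzureLoadBalancer", 443), ("VirtualNetwork", 22), ("Internet", 22)]
    for label, rules in [("defaults only", [ALLOW_HTTPS]),
                         ("deny ANY at 4096", DROP_ALL),
                         ("deny ANY + probe allow", DROP_ALL_KEEP_PROBE)]:
        for src, port in flows:
            print(f"{label:24} {src:18} {port:4} -> {evaluate(rules, src, port)}")
```

In this model the deny rule at 4096 also shadows the default AllowVnetInBound rule, so traffic between subnets is dropped along with the probes unless it is allowed explicitly.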
gzygadlo
May 21, 2019 (Brass Contributor)
That was a good blog post.
I currently am using an NGFW inside of Azure, but because I don't have security groups applied to every VM, it gives me a recommendation about it.
Hannes_LG
May 21, 2019 (Brass Contributor)
Hi,
My recommendation for NSGs is: always bind them to a subnet, and only in special situations to a VM NIC.
Regards,
Hannes