May 02 2019 04:11 PM
hello
I am trying to create Azure AD Domain Services in a separate subnet and assign an NSG to that subnet. I want to deny all and open only the ports needed for Azure AD Domain Services, such as domain join, LDAP, PowerShell ...
The picture below is the default, and with it all subnets in the VNet can see all ports. Please guide me on how to deny all and open only the ports that are needed.
Best Regards,
Thanks
May 03 2019 05:21 AM
May 03 2019 06:29 AM
Hello
Because by default all subnets can see Azure ADDS.
For example, the backend subnet can see and join the Azure ADDS domain, but for the DMZ subnet I think it needs to be denied from seeing Azure ADDS, and also the DMZ is on the public internet,
and I see that on-premises all subnets deny all by default and open IP to IP, not the whole subnet. Should I think of Azure the same way? I am an Azure newbie.
Please recommend the best practice for controlling traffic between all subnets in a VNet.
Best Regards,
Thanks
May 03 2019 03:35 PM
Solution
May 08 2019 07:04 AM
@RodNet: There is still something I do not understand.
As I understand it, all subnets in Azure see all ports by default. To control ports between these subnets, do I need to route traffic with a UDR to an NVA (VM + firewall)? And to do that, do I need to follow the steps below?
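As an added illustration (not code from any reply in this thread), the Python below models how an Azure NSG evaluates inbound rules in priority order with first match winning, and shows why the built-in AllowVnetInBound rule lets the DMZ subnet reach the AADDS subnet until a custom deny is placed ahead of it. The subnet addresses and the port subset are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed, hypothetical address plan for the VNet in the question.
VNET = ip_network("10.0.0.0/16")
SUBNETS = {"aadds": ip_network("10.0.0.0/24"),
           "backend": ip_network("10.0.1.0/24"),
           "dmz": ip_network("10.0.2.0/24")}

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    name: str
    access: str        # "Allow" or "Deny"
    source: str        # "VirtualNetwork" tag, "*" or a subnet name from SUBNETS
    ports: frozenset   # destination ports; empty set means any port

# Azure's built-in inbound rules: they sit at the end and cannot be deleted.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "Allow", "VirtualNetwork", frozenset()),
    Rule(65500, "DenyAllInBound", "Deny", "*", frozenset()),
]

# Illustrative subset of ports a domain-joined VM needs towards the AADDS
# subnet (Kerberos, LDAP, SMB, LDAPS); the full list is in the Azure docs.
AD_PORTS = frozenset({88, 389, 445, 636})

def source_matches(rule, src):
    ip = ip_address(src)
    if rule.source == "*":
        return True
    if rule.source == "VirtualNetwork":
        return ip in VNET
    return ip in SUBNETS[rule.source]

def evaluate(rules, src, dst_port):
    """First matching rule in priority order decides, as in an Azure NSG."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if source_matches(rule, src) and (not rule.ports or dst_port in rule.ports):
            return rule.access, rule.name
    return "Deny", "implicit"   # not reached while the default rules are present

# What the asker wants: allow the backend subnet, then deny every other
# VNet source before the built-in AllowVnetInBound gets a chance to match.
LOCKED_DOWN = [
    Rule(100, "AllowBackendToAD", "Allow", "backend", AD_PORTS),
    Rule(4000, "DenyVnetInBound", "Deny", "VirtualNetwork", frozenset()),
] + DEFAULT_INBOUND

if __name__ == "__main__":
    for src in ("10.0.1.10", "10.0.2.10"):
        print(src, "-> 636 default:", evaluate(DEFAULT_INBOUND, src, 636),
              "locked down:", evaluate(LOCKED_DOWN, src, 636))
```

The managed domain itself also needs inbound rules from the AzureActiveDirectoryDomainServices service tag on the AADDS subnet's NSG, at a lower priority number than the deny, or its management traffic is blocked.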
May 09 2019 10:08 AM