Azure Documentation

Create a Network Security Group (NSG)

Network Security Groups (NSGs) contain a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Network. NSGs can be associated with subnets or individual network interfaces.

Using the Azure Portal

The Azure portal provides a graphical interface for creating and managing NSGs. Follow these steps:

  1. Sign in to the Azure portal.
  2. In the search bar at the top, type Network security groups and select it from the results.
  3. On the Network security groups page, select + Create.
  4. On the Basics tab, configure the following settings:
    • Subscription: Select your Azure subscription.
    • Resource group: Select an existing resource group or click Create new to create one.
    • Name: Enter a unique name for your network security group.
    • Region: Select the Azure region where you want to create the NSG.
  5. Click Review + create.
  6. After validation passes, click Create.

Using Azure CLI

You can create an NSG using the Azure Command-Line Interface (CLI). First, ensure you have the Azure CLI installed and are logged in.

To create a new NSG in a specific resource group and region:

az network nsg create \
  --resource-group MyResourceGroup \
  --name MyNsg \
  --location eastus

Using Azure PowerShell

Alternatively, you can use Azure PowerShell to create an NSG:

New-AzNetworkSecurityGroup `
  -Name "MyNsg" `
  -ResourceGroupName "MyResourceGroup" `
  -Location "East US"
Important: When you create an NSG, it comes with default rules that allow all outbound traffic and deny all inbound traffic. You will need to add custom rules to permit specific inbound traffic.

Next Steps

Once you have created your NSG, you will typically want to associate it with a subnet or network interface and then add security rules to define network traffic flow.

Next: NSG Rules