Network Security Groups (NSGs)
Network Security Groups (NSGs) are stateful firewall rules that you can apply to Azure resources. They control inbound and outbound network traffic.
Key Features
- Stateful Firewall: NSGs track connections, so reply traffic for a connection initiated from within the Azure resource is allowed without a separate inbound rule.
- Rule-Based: Rules are based on IP addresses, ports, and protocols.
- Application-Based: Define NSGs based on the applications running on your virtual machines.
- Azure Resource Manager: Manage NSGs through the Azure portal, Azure PowerShell, or Azure CLI.
NSG Rules
NSG rules are configured using a source, destination, port, and protocol. You can also define actions, which can be 'Allow' or 'Deny'.
| Source | Destination | Port | Protocol | Action |
|---|---|---|---|---|
| Any | Any | 80 | TCP | Allow |
| 192.168.1.0/24 | Any | 443 | TCP | Deny |
Best Practices
- Start with a Deny-All rule to secure your network.
- Use the principle of least privilege, only allowing the necessary traffic.
- Monitor NSG traffic using Azure Monitor.
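The rule table under NSG Rules and the deny-all and least-privilege advice above can be checked mechanically. The following is an added example, not Azure's own code: it assumes table order stands in for evaluation order, that the first matching rule decides, and that unmatched traffic is denied. All function names and the sample addresses in the test are constructed.

```python
import ipaddress

# Rules from the table above as (source, destination, port, protocol, action).
# Assumption of this example: table order is evaluation order, first match wins.
TABLE_RULES = [
    ("Any", "Any", "80", "TCP", "Allow"),
    ("192.168.1.0/24", "Any", "443", "TCP", "Deny"),
]
DENY_ALL = ("Any", "Any", "Any", "Any", "Deny")  # explicit catch-all, placed last

def addr_covers(spec, value):
    """True if address spec ('Any' or CIDR) contains value (IP, CIDR or 'Any')."""
    if spec == "Any":
        return True
    if value == "Any":
        return False
    net = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_network(value, strict=False).subnet_of(net)

def field_covers(spec, value):
    """True if a port/protocol spec ('Any' or exact value) contains value."""
    return spec == "Any" or spec.upper() == str(value).upper()

def rule_covers(rule, src, dst, port, proto):
    """True if rule matches everything described by (src, dst, port, proto)."""
    return (addr_covers(rule[0], src) and addr_covers(rule[1], dst)
            and field_covers(rule[2], port) and field_covers(rule[3], proto))

def evaluate(rules, src, dst, port, proto):
    """Return the action of the first matching rule; no match means Deny."""
    for rule in rules:
        if rule_covers(rule, src, dst, port, proto):
            return rule[4]
    return "Deny"

def audit(rules):
    """Flag allow rules open to any source, hidden rules, and a missing deny-all."""
    findings = []
    for i, rule in enumerate(rules):
        if rule[4] == "Allow" and rule[0] == "Any":
            findings.append((i, "allows any source"))
        if any(rule_covers(earlier, *rule[:4]) for earlier in rules[:i]):
            findings.append((i, "shadowed by an earlier rule"))
    if not rules or rules[-1] != DENY_ALL:
        findings.append((len(rules), "no deny-all as the last rule"))
    return findings
```

A rule reported as shadowed never takes effect, which is how a narrow Deny placed after a broad Allow silently fails to block anything.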