How To Control The Network Traffic To And From The Web Application

Hyacienth Ugochukwu - Sep 3 - - Dev Community

This is a continuation of my previous post.

Here, we will be talking about;

  • Creating an NSG
  • Creating NSG rules
  • Associating an NSG to a subnet
  • Creating and using Application Security Groups in NSG rules.

What is NSG: In Azure, a Network Security Group (NSG) is a tool that controls network traffic in a virtual network (VNet) using rules to allow or deny access. NSGs are a key component of Azure's security fabric. 
Also, in Azure, a network security group (NSG) rule is a security rule that controls network traffic to and from Azure resources. NSG rules can allow or deny traffic based on conditions such as: 

  • Source and destination: The IP addresses of the source and destination 
  • Ports: The ports or range of ports that initiate network traffic 
  • Protocols: The protocol used for the network traffic 

Here are some other things to know about NSG rules: 

  • Priority: Each rule in an NSG collection must have a unique priority number between 100 and 4096. The lower the number, the higher the priority. 
  • Direction: Rules can be set to apply to either inbound or outbound traffic. 
  • Action: Rules can be set to "Allow" or "Deny". 
  • Logging: Logging can be enabled for an NSG to collect information about which rules are applied to virtual machines, and how often each rule is applied. 
  • Default rules: NSGs contain default rules that can't be deleted, but can be replaced by user-created rules. 

First, we will create an Application Security Group
An application security group (ASG) enables you to group servers with similar functions, such as web servers.

  1. In the search box at the portal's top, enter Application security group. Select Application security groups in the search results.
  2. Select + Create.

On the Basics tab of Create an Application Security Group, enter the information listed below:

Property Value
Subscription Select your subscription
Resource group YOUR RESOURCE GROUP
Name app-backend-asg
Region East US

  1. Select Review + Create and then select Create.

Note: You are creating the application security group in the same region as the existing virtual network.

Then you Create and Associate the Network Security Group
A network security group (NSG) secures network traffic in your virtual network. NSGs contain a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated with subnets and/or individual network interfaces attached to Azure Virtual Machines (VM).

  1. In the search box at the portal's top, enter Network security group. Select Network security groups in the search results.
  2. Select + Create.

On the Basics tab of Create Network Security Group, enter the information as listed below:

Property Value
Subscription Select your subscription
Resource group YOUR RESOURCE GROUP
Name app-vnet-nsg
Region East US

  1. Select Review + Create and then select Create.

In this section, you associate the network security group with the subnet of the virtual network you created earlier.

  1. In the search box at the portal's top, enter Network security group. Select Network security groups in the search results.
  2. Select app-vnet-nsg from the list of network security groups.
  3. Select Subnets from the Settings section of app-vnet-nsg.
  4. In the Subnets page, select + Associate
  5. Under Associate subnet, select app-vnet (RG1) for Virtual network. and select Backend for Subnet, and then select OK.

Time to Create Network Security Group Rules
A network security group (NSG) secures network traffic in your virtual network.

  1. In the search box at the portal's top, enter Network security group. Select Network security groups in the search results.
  2. Select app-vnet-nsg from the list of network security groups.
  3. Select Inbound security rules from the Settings section of app-vnet-nsg.
  4. Select + Add.
  5. On the Add inbound security rule page, enter the information as listed below:

Property Value
Source Any
Source port ranges *****
Destination Application Security group
Destination application security group app-backend-asg
Service SSH
Action Allow
Priority 100
Name AllowSSH

Next is to deploy an ARM template using Cloud Shell to create the VMs needed for this exercise

  1. In the Azure portal, open the Azure Cloud Shell by selecting the icon in the top right of the Azure Portal.
  2. If prompted to select either Bash or PowerShell, select PowerShell.

Note: If this is the first time you are starting Cloud Shell and you are presented with the You have no storage mounted message, select the subscription you are using in this lab, and select Create storage.

  1. Deploy the following ARM template using Cloud Shell to create the VMs needed for this exercise:

Code

$RGName = "RG1"

   New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateUri https://raw.githubusercontent.com/MicrosoftLearning/Configure-secure-access-to-workloads-with-Azure-virtual-networking-services/main/Instructions/Labs/azuredeploy.json
Enter fullscreen mode Exit fullscreen mode
  1. To verify that both the VM1 and VM2 virtual machines are running, navigate to the RG1 resource group and select VM1.
  2. Validate that the status of the virtual machine is Running.
  3. Repeat the previous step for VM2.

Finally, Associate the application security group to the network interface of the VM
When you created the VMs, Azure created a network interface for each VM and attached it to the VM.

Add the application security group you created previously to the network interface of VM2.

  1. In the Azure portal, navigate to the RG1 resource group and select VM2.
  2. Navigate to the networking tab of the VM, and select + Add application security groups from the Application security groups section.
  3. Select app-backend-asg from the list of application security groups.
  4. Select Add
Image
Create and configure a storage account for Azure Files. Part 2
Image
Blog x Newsletter

newsletter, writing, productivity, blogging
Image
How to Maintain and Troubleshoot Your Cash Drawer: Tips for Longevity and Performance
Image
Precise Capture and Privacy Protection: Exploration of the Application of Residential Proxies in the Streaming Industry

productivity
Image
How Do You Resolve Netflix Error Code? A Step-by-Step Guide to Fix Common Issues

netflixerrorcodes
Image
Advancing Radiology with AI: Enhancing Diagnostics through Machine Learning

healthtech, ai, machinelearning, radiologyai
Image
Minecraft 1.21.30 APK Game -Download Free For Android

minecraft, webdev, javascript, tutorial
Image
Create and configure a storage account for Azure Files.
Image
An efficient tool to help you bulk delete tweets

productivity, news, startup, webdev
Image
Lakshmi Crackers - One of the Best High Quality Crackers in Sivakasi

sivakasi, lakshmicrackers
Image
Novel Weakly Supervised Learning for Accurate Facial Wrinkle Segmentation in Cosmetic Dermatology

machinelearning, ai, beginners, datascience
Image
Why Hiring a Shopware Developer is a Smart Investment for Your E-Commerce Business

webdev, softwaredevelopment, startup
Image
Schrodinger's Memory: The Uncertain Nature of Large Language Model Cognition

machinelearning, ai, beginners, datascience
Image
Deep Learning: A Powerful Tool for Economic Analysis and Prediction

machinelearning, ai, beginners, datascience
Image
Optimizing API Calls in Backend Integration: A Developer's Guide

api, backend, webdev, performance
Image
Does ChatGPT Help or Harm Coding Education? Research Study Explores Learning Impact

machinelearning, ai, beginners, datascience
Image
GitHub Copilot boosts collaborative coding but widens origination-iteration gap: Open-source study

machinelearning, ai, beginners, datascience
Image
What Did I Do? A Time-Tracking Problem

webdev, git
Image
Discovering the PnP Property Code Editor control in SPFx

development, pnp, spfx, pnpspfxpropertycontrol
. . . . . . . . . . . . . . . .
Terabox Video Player