Control Traffic Flows

By default traffic can freely flow within a virtual network and to any connected network
To segment and control traffic within a VNet, between networks and/or external a number of approaches can be utilised
- Azure Firewall or NVA
- Network Security Groups, Application Security Groups and Service Tags
NSGs can be applied at the subnet or NIC level but are always enforced at the NIC
- so apply at subnet level, easier to manage
- each subnet can have max 1 NSG assigned to it
- each NIC can have 0 or max 1 NSG associated with it
NSGs are made up of rules based on IP ranges/tags, ports and actions
ASGs are tags applied to NICs which can be used instead of IP ranges in rules which may be easier to utilize.

references:

Subscribe to NordLetter

A weekly newsletter on living in Finland.

← Back to Til

UPDATED April 14, 2024 at 11:04

Thoughts? Email sajal@sajalchoudhary.net

4 Backlinks

Network Virtual Appliance

TIL

Network Security Groups

TIL

Azure Firewall

TIL

Azure Master

TIL