Network Security Groups attached to a NIC

Ezequiel De Luca 1 Reputation point
2021-05-27T15:47:32.29+00:00

Hi:

We are investigating which are the current Effective Security Rules that are applied to a Network Interface(NIC). We are aware that we can achieve this using a REST API call: Network Interfaces - List Effective Network Security Groups - REST API

Our concerns are the following ones:

  1. How many Network Security Groups (NSG) can be attached to a NIC? Which is the current limit, or there is no limit at all?
  2. When there are multiple NSGs attached to a NIC and those NSGs have different rules with the same priority how are they applied? How Azure make the merge of them?
  3. Is there additional complexity added if a SubNet is also linked to them?
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
600 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. msrini-MSFT 9,266 Reputation points Microsoft Employee
    2021-06-01T14:17:06.06+00:00

    How many Network Security Groups (NSG) can be attached to a NIC? Which is the current limit, or there is no limit at all?

    One

    When there are multiple NSGs attached to a NIC and those NSGs have different rules with the same priority how are they applied? How Azure make the merge of them?

    Only one NSG per NIC is allowed

    Is there additional complexity added if a SubNet is also linked to them?

    You can associate NSG to subnet and NIC. The effective security rules of both is applied to the VM