Creating NSG to block access between subnet

Salves 501 Reputation points
2020-09-06T04:01:33.943+00:00

Hi,

I need to free access between subnet for essential windows services like (ARP, Netbios, Domain Client and etc) this for basic operation between subnet.

However, the main objective is to release only accesses for example:

  • NSG Web - Web Application only port 80, 443
  • NSG Database - SQL Server only port1433

Is there a basic template to guarantee this basic communication between virtual machines?

Thank you.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,263 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Didier3001 986 Reputation points Microsoft Employee
    2020-09-06T11:10:30.947+00:00

    Hi @Salves

    A good starting point I guess would be the article below. It is not the same design but the concept will be very similar:
    https://video2.skills-academy.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain

    For Azure services, you can also use built-in Service Tags in the NSG but unfortunately, they don't have one for your specific scenario but this is still an important one to know to make your life easier at managing rules:
    https://video2.skills-academy.com/en-us/azure/virtual-network/service-tags-overview

    You will also find additional information on the following articles:
    http://www.gi-architects.co.uk/2015/10/clientserver-to-domain-controller-dc-ports-for-azure-nsg-firewall/
    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

    --I hope this helps. Please do not forget to "Accept the answer" and "Up-Vote" the answer or message(s) that helped you so that it can help others in the community looking for help on similar topics

    Regards,
    Didier3001