This post is part 2 of a small series and stems from this post: https://marckean.com/2016/05/17/azure-resource-groups-networks/. That post discussed Azure Resource Groups and splitting all IaaS Azure resources across multiple Azure Resource Groups, as an easy way to delete targeted resources and to ease delegating admin.
This post focuses on NSGs (Network Security Groups). A quick recap, with ARM-based NSGs…
- …you can apply an NSG to both a subnet and a NIC
- NSG rules are applied in order: first the rules of the NSG attached to the virtual network subnet, then those of the NSG attached to the NIC. Once there’s a match, that rule is applied
- Each NSG can contain up to 400 rules
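The inbound evaluation order recapped above, modelled as an added example (not code from the original post): within each NSG the matching rule with the lowest priority number wins, the subnet NSG is checked before the NIC NSG, and a Deny at either level drops the traffic. The rule names, addresses and the single `DenyAllInBound` default are constructed for illustration; Azure's other built-in default rules are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # user rules use 100-4096; the lower number is evaluated first
    access: str    # "Allow" or "Deny"
    source: str    # CIDR prefix, or "*" for any source
    port: str      # destination port as text, or "*" for any port

# Simplified stand-in for Azure's built-in inbound defaults: only the final deny-all.
DEFAULT_DENY = Rule("DenyAllInBound", 65500, "Deny", "*", "*")

def first_match(nsg, src_ip, port):
    """Return the first rule, by ascending priority, that matches the packet."""
    for rule in sorted(nsg + [DEFAULT_DENY], key=lambda r: r.priority):
        src_ok = rule.source == "*" or ip_address(src_ip) in ip_network(rule.source)
        port_ok = rule.port == "*" or rule.port == str(port)
        if src_ok and port_ok:
            return rule

def evaluate_inbound(subnet_nsg, nic_nsg, src_ip, port):
    """Inbound order: subnet NSG, then NIC NSG. None means no NSG at that level."""
    trace = []
    for level, nsg in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if nsg is None:
            continue
        rule = first_match(nsg, src_ip, port)
        trace.append((level, rule.name))
        if rule.access == "Deny":
            return "Deny", trace  # a deny at either level stops evaluation
    return "Allow", trace

# Constructed sample rules; list order is irrelevant, only priority matters.
DMZ_SUBNET_NSG = [
    Rule("Allow-Mgmt-Any", 300, "Allow", "10.0.1.0/24", "*"),
    Rule("Allow-HTTPS", 100, "Allow", "*", "443"),
    Rule("Deny-RDP", 110, "Deny", "*", "3389"),
]
WEB_NIC_NSG = [
    Rule("Allow-HTTPS", 100, "Allow", "*", "443"),
    Rule("Allow-RDP-Mgmt", 110, "Allow", "10.0.1.0/24", "3389"),
]

if __name__ == "__main__":
    for src, port in [("203.0.113.10", 443), ("10.0.1.5", 3389), ("10.0.1.5", 22)]:
        print(src, port, evaluate_inbound(DMZ_SUBNET_NSG, WEB_NIC_NSG, src, port))
```

The RDP case is the one to note: the NIC-level allow is never reached because the subnet NSG denies first, and the port 22 case shows that an allow at the subnet still has to pass the NIC NSG.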
As per the target architecture diagram below of what we’re building in Azure, I include a PowerShell script further below to fully set up two NSGs: one NSG that is attached to the DMZ subnet and another NSG that will be attached to the Internal subnet.