Creating a Network Security Group with Inbound and Outbound Rules in Azure

After you follow these steps, you will have a better understanding of the different components of the Network Security Group and how to use the Network Security Group with the intention of protecting your Azure infrastructure.

Login to Azure Portal and login to the Virtual Machine via RDP

Click on the Virtual Machine

Copy either the DNS name or the public IP address that you see in the overview section

Paste in the IP Address into the Microsoft Remote Desktop App

Enter the Username and Password forthe Virtual Machine

Accept the certificate

Create Network Security Group called NSG-WEB-South-Central

Type “Network Security Group” without the quotes

In the Network Security Groups, Click on “Add”

Type in NSG-WEB-South-Central as the name and change Location to “South Central US”

Once deployed, click on go to resource at the top right so you are ready for the next task.

Add inbound rules on NSG-WEB-South-Central to deny traffic on port 80 allow traffic on 443 and allow traffic on 3389

Add a New Inbound Security Rule

Change port to “80”, and change name to “http-deny”, and click on “Deny”

Add a New Inbound Security Rule

Change port to 443, and change name to “https-allow”, and click on “Allow”

Add a New Inbound Security Rule

Change port to 3389 and change name to “RDP-allow”, and click on “Allow”

Assign NSG “NSG-WEB-South-Central” to Virtual Machine

Click on Network Interfaces on the NSG that we created.

Click on “Associate”

Then select the interface “lab-NIC”

You will then see become associated below


You will need to disassociate “lab-NSG” network security group.

Add role(Management tools–>IIS Management Console

Go back to the RDP session for your Virtual Machine Click on Server Manager. Within the Dashboard, click on Add roles and features

Click “Next”

Click on “Web Server (IIS)”

Click on “Add Features”

Click on “Install”

After completion, you can click on “Close”

Go to default website in IIS and add port 443 using SNI and the default SSL certificate

Click Start, Go to Administrative Tools, then Internet Information (IIS) Manager

Click on “Bindings”

Click on “Add”

Change Type to “https”, add 443 to port, copy the DNS from Azure Portal, check “Require Server Name Indication”

Select whatever certificate is available

Test

Open up a web browser and type your DNS name for the Virtual Machine(it should be proceeded with http://). If everything is working correctly you should not be able to access the website via http. Then put https:// infront of the DNS name and you should see some type of page.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

A WordPress.com Website.

Up ↑

%d bloggers like this: