Step-by-Step Guide to Create and Configure Network Security Groups (NSGs) in Azure

Introduction to Network Security Groups (NSGs)

Network Security Groups (NSGs) are essential for controlling inbound and outbound traffic to Azure resources. They contain security rules that allow or deny traffic based on various parameters such as source IP address, destination IP address, port, and protocol.

Step 1: Sign in to the Azure Portal

1. Go to the Azure Portal.

2. Sign in with your Azure account credentials.

Step 2: Navigate to Network Security Groups

1. In the Azure portal, use the search bar at the top to search for "Network Security Groups."

2. Click on "Network Security Groups" from the search results.

Step 3: Create a New Network Security Group

1. Click on the "+ Create" button.

2. Fill in the required fields:

   • Subscription: Select the Azure subscription you want to use.

   • Resource Group: Choose an existing resource group or create a new one.

   • Name: Enter a name for your NSG (e.g., "MyNSG").

   • Region: Select the Azure region where you want to create the NSG.

3. Click on the "Review + create" button.

4. Review your settings and click "Create" to deploy the NSG.

Step 4: Configure Inbound Security Rules

1. After the NSG is created, navigate to it by clicking on its name in the list.

2. In the NSG settings, click on "Inbound security rules."

3. Click on the "+ Add" button to create a new inbound rule.

4. Fill in the rule details:

   • Source: Choose the source type (e.g., "Any," "IP Addresses," "Service Tags").

   • Source IP Addresses/CIDR Ranges: Specify the source IP or range if applicable.

   • Destination: Choose the destination type (e.g., "Any," "IP Addresses," "Virtual Network").

   • Destination IP Addresses/CIDR Ranges: Specify the destination IP or range if applicable.

   • Destination Port Ranges: Enter the port number or range (e.g., "80" for HTTP).

   • Protocol: Select the protocol (e.g., "TCP," "UDP," or "Any").

   • Action: Choose "Allow" or "Deny."

   • Priority: Assign a priority number (lower numbers have higher priority).

   • Name: Give the rule a descriptive name.

5. Click "Add" to create the rule.

Step 5: Configure Outbound Security Rules

1. In the NSG settings, click on "Outbound security rules."

2. Click on the "+ Add" button to create a new outbound rule.

3. Fill in the rule details similarly to the inbound rules:

   • Source: Choose the source type.

   • Destination: Choose the destination type.

   • Destination Port Ranges: Specify the port number or range.

   • Protocol: Select the protocol.

   • Action: Choose "Allow" or "Deny."

   • Priority: Assign a priority number.

   • Name: Give the rule a descriptive name.

4. Click "Add" to create the rule.

Step 6: Associate the NSG with a Resource

1. Navigate to the resource (e.g., a Virtual Machine) you want to associate with the NSG.

2. In the resource settings, find the "Networking" section.

3. Under "Network Security Group," select the NSG you created.

4. Save the changes.

Step 7: Review and Monitor NSG Rules

1. Return to the NSG settings to review the inbound and outbound rules.

2. Use the "Effective security rules" option to see which rules are applied to your resources.

3. Monitor traffic and adjust rules as necessary based on your security requirements.