Hi @BHaist
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
Please follow the below steps to achieve your requirement:
Configure an NSG inbound rule:
Allow Port 1700 from Any Source
- Priority: Lower number (like 100) to ensure it is evaluated first.
- Source: Any
- Source Port Ranges: *
- Destination: Any (or your VM's IP address if you prefer)
- Destination Port Ranges: 1700
- Protocol: TCP or UDP (depending on your Chirpstack configuration)
- Action: Allow
Deny All Other Inbound Traffic (Default Rule)
- Priority: Higher number (like 65500) to be evaluated last.
- Source: Any
- Source Port Ranges: *
- Destination: Any
- Destination Port Ranges: *
- Protocol: Any
- Action: Deny
Please refer to the document for NSG and how NSG filters the traffic.
NSGs themselves don't directly handle domain names or HTTPS termination. For HTTPS, you'll need a load balancer or Application Gateway.
To allow traffic via the domain name and HTTPS, you need a service that can handle the SSL/TLS certificate and direct traffic to your VM based on the domain name in the request.
Application Gateway is a good solution if you need advanced features like WAF, URL-based routing, and SSL termination. Otherwise, if you need a simpler solution, you can go for Azure Load Balancer which can handle SSL termination and basic load balancing. However, it doesn't provide the same advanced features as Application Gateway.
Let's take an example with Application Gateway: deploy an Application Gateway with a public IP address, set up the listener to listen on port 443 (HTTPS), and associate an SSL certificate. Next, add your VM's IP address to the backend pool and configure a rule that routes traffic to the backend pool based on the domain name in the host header.
Once you're ready to whitelist IPs for other ports, determine which ports need whitelisting and create new rules with higher priority than the "Deny All" rule. In the new rules, specify the specific IP addresses you want to allow.
Make sure your domain name is properly configured in Azure DNS (or your chosen DNS provider) to point to the public IP address of your Application Gateway. You will need an SSL certificate for HTTPS. You can use Azure Key Vault to manage certificates, and try to test your setup after making changes to make sure that the traffic is being routed correctly.
I hope this has been helpful!
Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
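
Added example, not part of the original answer: a small Python model of how an NSG applies the first matching inbound rule in priority order, run against the rule set described above so the effect of each priority can be checked before touching the portal. The rule names, the choice of UDP for port 1700, the SSH whitelist rule and the 203.0.113.x / 198.51.100.x addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # "*" or a CIDR prefix
    dest_port: str  # "*" or a single port
    protocol: str   # "*", "Tcp" or "Udp"
    action: str     # "Allow" or "Deny"


def matches(rule, src_ip, port, protocol):
    """True when the packet's protocol, destination port and source fit the rule."""
    if rule.protocol not in ("*", protocol):
        return False
    if rule.dest_port not in ("*", str(port)):
        return False
    if rule.source == "*":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def evaluate(rules, src_ip, port, protocol):
    """Return (action, rule name) for the first match; later rules are never consulted."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src_ip, port, protocol):
            return rule.action, rule.name
    return "Deny", "no-match"


# Constructed rule set mirroring the answer: allow 1700 at priority 100,
# deny everything else at 65500, plus one hypothetical whitelist rule.
RULES = [
    Rule("DenyAllInbound", 65500, "*", "*", "*", "Deny"),
    Rule("Allow-1700", 100, "*", "1700", "Udp", "Allow"),               # UDP is an assumption
    Rule("Allow-SSH-Admin", 200, "203.0.113.10/32", "22", "Tcp", "Allow"),  # hypothetical
]

if __name__ == "__main__":
    # Constructed sample packets: (source IP, destination port, protocol)
    for pkt in [("198.51.100.7", 1700, "Udp"), ("198.51.100.7", 22, "Tcp"),
                ("203.0.113.10", 22, "Tcp"), ("198.51.100.7", 443, "Tcp")]:
        print(pkt, "->", evaluate(RULES, *pkt))
```
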