

Configure Azure NSG – Network Security Group

Once your VM is deployed, it's ready to be used for whatever purpose you have for it. But you'll probably want some of your VMs to be accessible from outside your VNet, especially if the VM is a web server with the IIS role installed.

For this we need to configure an NSG (Network Security Group). An NSG contains a list of Access Control List (ACL) rules that allow or deny specific traffic to your VM in your VNet. An NSG can be associated with either a subnet in the VNet or an individual VM instance: a rule on the subnet applies to the entire subnet, and a rule on an individual VM applies to that specific VM.

In this case we'll talk about opening port 80 (HTTP) so your web server can be accessed over the internet. I also got a lot of questions about this specific subject (in person, e-mail, forums), as a lot of people have issues setting up HTTP in ARM.

First go to 'Virtual Machines' in the Azure portal.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/1-2.jpg

Select the VM with the IIS role from the list of your VMs.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/2-2.jpg

In the new tile, select 'Network Interfaces'.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/3-2.jpg

Click on your network interface.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/4-2.jpg

In the new tile, select 'Network Security Group'.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/5-1.jpg

Select the security group to edit.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/6-1.jpg

In the new tile, select 'Inbound security rules'.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/7-1.jpg

Click 'Add' and wait for the new tile to open.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/8-1.jpg

You need to enter the parameters for the new rule. First enter a name for your rule ('http' in this case, but it can be anything; I just find it easier to manage when the name tells me what it's about), set Priority to '100', Source to 'Any', leave Service as 'Custom', set Protocol to 'Any', enter 80 for Port range and set Action to 'Allow'. Finally click OK and wait a few seconds (this can vary, but usually the rule is created in under 1 minute).

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/9-1.jpg

Once your rule is created, go to your VM overview page and check your Public IP address/DNS name.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/10-1.jpg

Enter your IP address into a browser and here it is: your IIS server is accessible from the internet and ready to be used.

http://toroman.azurewebsites.net/wp-content/uploads/2016/09/11-1.jpg
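
To see what the rule created above actually permits, the following added example (not part of the original post) models how an NSG picks the first matching inbound rule by priority and compares the walkthrough's protocol 'Any' rule with a Tcp-only variant. The rule dictionaries are constructed samples using ARM securityRule property names, and the function names are hypothetical.

```python
# Added example: first-match evaluation of NSG inbound rules for internet traffic.
# Rule dicts use ARM securityRule property names; every sample rule is constructed.
INTERNET = ("*", "Internet", "0.0.0.0/0")  # source prefixes that cover internet clients

# Built-in lowest-priority rule. The two other defaults (65000, 65001) only match
# VirtualNetwork / AzureLoadBalancer sources, so they are left out of this model.
DENY_ALL = {"name": "DenyAllInBound", "priority": 65500, "protocol": "*",
            "sourceAddressPrefix": "*", "destinationPortRange": "*", "access": "Deny"}

def port_matches(port_range, port):
    """True if port falls inside '*', a single port ('80') or a range ('8000-8080')."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, protocol, port):
    """Return (access, rule name) of the first rule matching internet traffic."""
    for rule in sorted(rules + [DENY_ALL], key=lambda r: r["priority"]):
        if (rule["sourceAddressPrefix"] in INTERNET
                and rule["protocol"].lower() in ("*", protocol.lower())
                and port_matches(rule["destinationPortRange"], port)):
            return rule["access"], rule["name"]

def audit(rules):
    """Flag internet-facing Allow rules that are broader than a web server needs."""
    findings = []
    for rule in rules:
        if rule["access"] != "Allow" or rule["sourceAddressPrefix"] not in INTERNET:
            continue
        if rule["protocol"] == "*":
            findings.append(f"{rule['name']}: every protocol allowed; HTTP needs only Tcp")
        if rule["destinationPortRange"] == "*":
            findings.append(f"{rule['name']}: every port allowed")
    return findings

# The rule from the walkthrough (protocol 'Any' is stored as '*') and a Tcp-only variant.
PAGE_RULE = {"name": "http", "priority": 100, "protocol": "*",
             "sourceAddressPrefix": "*", "destinationPortRange": "80", "access": "Allow"}
TCP_RULE = dict(PAGE_RULE, protocol="Tcp")

if __name__ == "__main__":
    for label, rules in (("protocol Any", [PAGE_RULE]), ("protocol Tcp", [TCP_RULE])):
        for proto, port in (("Tcp", 80), ("Udp", 80), ("Tcp", 3389)):
            print(label, proto, port, evaluate(rules, proto, port))
        print(label, "audit:", audit(rules))
```

With protocol 'Any', UDP traffic to port 80 is admitted alongside HTTP; the Tcp-only variant still serves the site while UDP falls through to DenyAllInBound.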