Network security group configuration for virtual machines

I like Azure, and since I last worked with it in anger a few years ago, Microsoft have revised their portal (twice) and added lots and lots of new features. One that I really like is the “resource group”, which is a way to logically group together Azure resources.

Inside a resource group it’s possible to create a Network Security Group. This is a neat container for combining together firewall rules and routing between network interfaces.

And this is where it all goes a bit wrong.

Specifically, I’m a developer by background, and I know enough about networking to figure out CIDR notation (mostly) but not routing or BGP or all of that stuff. (And to be fair I never did really get the hang of regular expressions, either.)

So when I’m given a dialog like so:

[Screenshot: Security group definition]

I’ll happily fill in the “source port” to be port 80 as well as the destination port. Whoops!

So it turns out that the source port of a connection coming from a Web browser might be anything. It’s only the destination port that we’re interested in. So the rule has to accept any source port and pin down only the destination port for things to work, like so:

[Screenshot: Inbound rules as they should be]

Once I’d done that all was well. At least, if you’re reading this, all is well…
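The difference between the two rules, as an added example that is not part of the original post: a simplified Python model of how an inbound rule list is evaluated, lowest priority number first, first match wins. The field names follow the ARM security rule properties; the rule names, the client source port and the reduced default rule set are constructed for illustration, and address prefixes are left out.

```python
# Added example: simplified model of NSG inbound evaluation, not Azure's own code.
# Rule names and the sample connection are constructed for illustration.

def port_matches(spec, port):
    """Match a port against '*', a single port ('80') or a range ('1024-65535')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate_inbound(rules, src_port, dst_port, protocol="Tcp"):
    """Return (access, rule name) for the first rule that matches the connection."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and port_matches(rule["sourcePortRange"], src_port)
                and port_matches(rule["destinationPortRange"], dst_port)):
            return rule["access"], rule["name"]
    return "Deny", None  # nothing matched at all

# Stand-in for the platform's catch-all deny at the bottom of every NSG.
DEFAULT_DENY = {"name": "DenyAllInBound", "priority": 65500, "protocol": "*",
                "sourcePortRange": "*", "destinationPortRange": "*", "access": "Deny"}

# The mistake: source port filled in as 80 as well as the destination port.
BROKEN = [{"name": "allow-http-broken", "priority": 100, "protocol": "Tcp",
           "sourcePortRange": "80", "destinationPortRange": "80",
           "access": "Allow"}, DEFAULT_DENY]

# The fix: any source port, destination port 80 only.
FIXED = [{"name": "allow-http", "priority": 100, "protocol": "Tcp",
          "sourcePortRange": "*", "destinationPortRange": "80",
          "access": "Allow"}, DEFAULT_DENY]

# Constructed sample: the browser's OS picked source port 51544 for this connection.
BROWSER_SRC_PORT = 51544

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        access, name = evaluate_inbound(rules, BROWSER_SRC_PORT, 80)
        print(f"{label}: {BROWSER_SRC_PORT} -> 80 is {access} (matched {name})")
    # The fixed rule still exposes nothing beyond port 80.
    print("fixed, port 22:", evaluate_inbound(FIXED, BROWSER_SRC_PORT, 22))
```

With the broken rule the request falls through to the catch-all deny, which is why the site looks dead even though an "allow port 80" rule exists.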

Author: Jeremy McGee

I write software, and try to help others do the same.
