Azurecloud~30 mins

Network Security Groups (NSG) in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Network Security Groups (NSG) Setup in Azure

📖 Scenario: You are setting up a simple network security group (NSG) in Azure to control traffic to a virtual machine. This NSG will allow HTTP traffic and block all other inbound traffic by default.

🎯 Goal: Create an Azure Network Security Group (NSG) with a rule that allows inbound HTTP traffic on port 80 and denies all other inbound traffic.

📋 What You'll Learn

Create a Network Security Group resource named myNSG.

Add a security rule named AllowHTTP that allows inbound TCP traffic on port 80.

Set the priority of AllowHTTP rule to 100.

Ensure the default inbound rule denies all other inbound traffic.

💡 Why This Matters

🌍 Real World

Network Security Groups are used in Azure to control inbound and outbound traffic to resources like virtual machines, improving security by allowing only necessary traffic.

💼 Career

Understanding NSGs is essential for cloud engineers and network administrators to secure cloud infrastructure and comply with organizational security policies.

Progress0 / 4 steps

Create the Network Security Group resource

Create an Azure Network Security Group resource named myNSG with location eastus and an empty securityRules list.

Azure

# Create the NSG resource with name 'myNSG' and location 'eastus'
# Your code here

Need a hint?

Use the Azure resource type Microsoft.Network/networkSecurityGroups and set securityRules to an empty list.

Add a security rule to allow HTTP inbound traffic

Add a security rule named AllowHTTP inside the securityRules list of myNSG. This rule should allow inbound TCP traffic on port 80 with priority 100 and direction Inbound.

Azure

{
  "type": "Microsoft.Network/networkSecurityGroups",
  "apiVersion": "2022-05-01",
  "name": "myNSG",
  "location": "eastus",
  "properties": {
    "securityRules": [
      {
        // Add the AllowHTTP rule here
      }
    ]
  }
}

Need a hint?

Define the rule with name, priority, protocol, access, direction, and port ranges.

Add a default deny inbound rule

Add a security rule named DenyAllInbound with priority 4096 that denies all inbound traffic. Place this rule inside the securityRules list after the AllowHTTP rule.

Azure

{
  "type": "Microsoft.Network/networkSecurityGroups",
  "apiVersion": "2022-05-01",
  "name": "myNSG",
  "location": "eastus",
  "properties": {
    "securityRules": [
      {
        "name": "AllowHTTP",
        "properties": {
          "priority": 100,
          "protocol": "Tcp",
          "access": "Allow",
          "direction": "Inbound",
          "sourceAddressPrefix": "*",
          "sourcePortRange": "*",
          "destinationAddressPrefix": "*",
          "destinationPortRange": "80"
        }
      },
      {
        // Add DenyAllInbound rule here
      }
    ]
  }
}

Need a hint?

The deny rule should block all protocols and ports with a high priority number.

Complete the NSG configuration

Ensure the entire Network Security Group JSON includes both AllowHTTP and DenyAllInbound rules inside the securityRules list under properties. The NSG name must be myNSG and location eastus.

Azure

{
  // Verify the full NSG JSON includes both rules and correct name and location
  // Your code here
}

Need a hint?

Double-check the NSG name, location, and that both rules are present in the securityRules list.