0
0
AzureConceptBeginner · 3 min read

What is NSG in Azure: Network Security Group Explained

In Azure, a Network Security Group (NSG) is a set of rules that controls inbound and outbound network traffic to resources like virtual machines. It acts like a security guard that allows or blocks traffic based on rules you define.
⚙️

How It Works

Think of an NSG as a gatekeeper for your cloud network. It watches the traffic trying to enter or leave your virtual machines or subnets and decides if it should be allowed or blocked based on rules you set. These rules look at things like the source and destination IP addresses, ports, and protocols.

Each rule in an NSG has a priority number, and the rules are checked in order from lowest to highest. The first rule that matches the traffic decides what happens. If no rules match, the traffic is blocked by default, keeping your resources safe.

💻

Example

This example shows how to create an NSG with a rule that allows inbound HTTP traffic on port 80 using Azure CLI.

bash
az network nsg create --resource-group MyResourceGroup --name MyNSG
az network nsg rule create --resource-group MyResourceGroup --nsg-name MyNSG --name AllowHTTP --priority 100 --direction Inbound --access Allow --protocol Tcp --destination-port-range 80
Output
Created NSG 'MyNSG' in resource group 'MyResourceGroup'. Created NSG rule 'AllowHTTP' allowing inbound TCP traffic on port 80.
🎯

When to Use

Use NSGs whenever you want to control network traffic to your Azure resources. For example, you can:

  • Allow web traffic to your web servers but block everything else.
  • Restrict access to a database server to only certain IP addresses.
  • Protect your virtual machines by blocking unwanted inbound or outbound connections.

NSGs help improve security by limiting exposure and reducing the attack surface of your cloud environment.

Key Points

  • NSGs control network traffic using rules based on IP, port, and protocol.
  • Rules have priorities; the first matching rule applies.
  • Default action is to deny traffic if no rules match.
  • NSGs can be applied to subnets or individual network interfaces.
  • They help secure Azure resources by filtering traffic.

Key Takeaways

An NSG is a security tool in Azure that controls network traffic with rules.
Rules in NSGs specify what traffic is allowed or denied based on IP, port, and protocol.
NSGs improve security by limiting access to your cloud resources.
You can apply NSGs to subnets or individual virtual machines.
By default, traffic not matching any rule is blocked for safety.

Related by keyword

How to Create a Resource Group in Azure: Simple StepsGetting StartedWhat is Azure Resource Group: Definition and UsageGetting StartedHow to Create a Group in Azure AD Quickly and EasilyAzure AD and IdentityWhat is Azure Security Center: Overview and UsageSecurityHow to Fix NSG Blocking Traffic in Azure: Simple StepsCommon Errors

Up next

What Is Partition Key in Cosmos DB: Simple Explanation and ExampleWhat is Request Unit in Cosmos DB: Explanation and UsageACI vs AKS: Key Differences and When to Use EachContainer Apps vs AKS vs ACI: Key Differences and When to Use Each

More in Networking

Azure Front Door vs Application Gateway: Key Differences and UsageHow to Configure a Custom Domain in Azure: Step-by-Step GuideHow to Create Network Security Group in Azure: Step-by-Step GuideHow to Create a Virtual Network (VNet) in Azure Easily