Create & Configure NetworkSecurityGroup

🎯 Objective

Create and configure a Network Security Group (NSG) to control inbound and outbound traffic for resources in a virtual network.

🧠 What is a Network Security Group (NSG)?

A Network Security Group (NSG) is a firewall in Microsoft Azure that filters traffic based on rules.

👉 It controls:

📊 NSG Rule Components

🏗️ How It Works

Internet → NSG → Subnet / VM → Application

🛠️ Step 1: Create NSG (Azure Portal)

1. Go to Azure Portal

1. Search: Network Security Group

1. Click Create

Fill details:

Click Review + Create → Create

🔗 Step 2: Associate NSG

You can attach NSG to:

Option A: Subnet (Recommended)

1. Go to Virtual Network

1. Select Subnets

1. Choose subnet

1. Attach NSG

Option B: Network Interface (NIC)

1. Go to Virtual Machine

1. Select Networking

1. Click Network Interface

1. Attach NSG

🔓 Step 3: Add Inbound Rules

Go to:

👉 NSG → Inbound Security Rules → Add

Allow SSH (Port 22)

Allow HTTP (Port 80)

Allow HTTPS (Port 443)

🚫 Step 4: Understand Default Rules

Azure NSG already includes:

👉 Custom rules must have higher priority (lower number)

🧪 Step 5: Verify Access

From local machine:

ssh azureuser@<public-ip>
curl http://<public-ip>
curl-k https://<public-ip>

🔐 Security Best Practices

🔁 NSG vs Security Group (AWS)

🧾 Command (Azure CLI - Optional)

Create NSG:

az network nsg create \
--resource-group <RG_NAME> \
--name nautilus-nsg

Add rule:

az network nsg rule create \
--resource-group <RG_NAME> \
--nsg-name nautilus-nsg \
--name Allow-SSH \
--protocol Tcp \
--direction Inbound \
--priority1000 \
--destination-port-range22 \
--access Allow

📌 Key Notes

✅ Outcome