Some things I learned recently whilst troubleshooting a customer’s network security group (NSG) configuration.
The default configuration of all NSGs includes 3 inbound and outbound rules, which is something to be aware of. You can visualise these rules in the Azure portal or with the following PowerShell. The default rules cannot be disabled but can be overridden by creating rules with a lower priority (read higher number!).
# Set the NSG name and choose a resource group
$nsgName = '<NSGNAME>'
$rgName = (Get-AzureRmResourceGroup | Out-GridView -Title 'Select Azure Resource Group:' -PassThru).ResourceGroupName
# Display default rules
(Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName).DefaultSecurityRules | Select-Object * | Out-GridView
# Display custom rules
(Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName).SecurityRules | Select-Object * | Out-GridView
By default no inbound traffic is allowed except for requests from any Azure load balancers which may have been provisioned.
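Added example, not part of the original post: the default and custom rules merged into one ordered view, plus a simplified first-match check showing which rule decides a given inbound flow. Azure processes rules per direction in ascending priority number and stops at the first match. The rule objects are constructed samples using the property names the cmdlets above return, and `New-Rule`, `Test-Field` and `Test-NsgFlow` are hypothetical helpers that match only exact tags, protocols and single ports (no CIDR or port-range handling).

```powershell
# Added example: rule objects are constructed samples, not output from a real NSG.
# New-Rule, Test-Field and Test-NsgFlow are hypothetical helpers.
function New-Rule($Name, $Priority, $Direction, $Access, $Protocol, $Source, $Port) {
    [pscustomobject]@{
        Name = $Name; Priority = $Priority; Direction = $Direction; Access = $Access
        Protocol = $Protocol; SourceAddressPrefix = $Source; DestinationPortRange = $Port
    }
}

# Constructed copies of the three default inbound rules
$default = @(
    New-Rule 'AllowVnetInBound'              65000 'Inbound' 'Allow' '*' 'VirtualNetwork'    '*'
    New-Rule 'AllowAzureLoadBalancerInBound' 65001 'Inbound' 'Allow' '*' 'AzureLoadBalancer' '*'
    New-Rule 'DenyAllInBound'                65500 'Inbound' 'Deny'  '*' '*'                 '*'
)
# Constructed custom rules
$custom = @(
    New-Rule 'Allow-HTTPS-In' 100 'Inbound' 'Allow' 'Tcp' 'Internet'       '443'
    New-Rule 'Deny-Vnet-RDP'  200 'Inbound' 'Deny'  'Tcp' 'VirtualNetwork' '3389'
)
# With a real NSG, load the two sets like this instead:
#   $nsg = Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName
#   $default = $nsg.DefaultSecurityRules; $custom = $nsg.SecurityRules

# Tag each rule with where it came from and merge into one collection
$all = @(
    $default | Select-Object *, @{ n = 'Origin'; e = { 'Default' } }
    $custom  | Select-Object *, @{ n = 'Origin'; e = { 'Custom' } }
)

# A rule field matches when it is '*' or equals the flow's value
# (-contains also works when the property is a list of values)
function Test-Field($RuleValue, $FlowValue) {
    ($RuleValue -contains '*') -or ($RuleValue -contains $FlowValue)
}

# Return the first rule, in ascending priority number, that matches the flow
function Test-NsgFlow($Rules, $Direction, $Source, $Protocol, $Port) {
    $Rules | Where-Object { $_.Direction -eq $Direction } | Sort-Object Priority |
        Where-Object { (Test-Field $_.SourceAddressPrefix $Source) -and
                       (Test-Field $_.Protocol $Protocol) -and
                       (Test-Field $_.DestinationPortRange $Port) } |
        Select-Object -Property Origin, Name, Priority, Access -First 1
}

# Evaluation order for the whole NSG, defaults and custom rules together
$all | Sort-Object Direction, Priority | Format-Table Origin, Name, Priority, Direction, Access
# Deciding rule for TCP 3389 and TCP 22 arriving from the virtual network
'3389', '22' | ForEach-Object { Test-NsgFlow $all 'Inbound' 'VirtualNetwork' 'Tcp' $_ } | Format-Table
```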