Creating network security group (NSG) rules in Azure

Written by

Under the topic

Dated:

March 3, 2024

Table Of Content

Creating Network Security Group (NSG) rules in Microsoft Azure involves defining inbound and outbound security rules to control traffic to and from Azure resources. Here's how you can create these rules:

Steps to Create NSG Rules in the Azure Portal

Log in to Azure Portal:
Go to and sign in.
Navigate to NSG:
- Search for "Network Security Groups" in the search bar.
- Select an existing NSG or create a new one by clicking + Create.
Go to Security Rules:
- Open the NSG you want to configure.
- Under Settings, choose Inbound security rules or Outbound security rules.
Add a Rule:
- Click + Add to create a new rule.
Define Rule Properties:
Fill in the following fields:
- Name: A unique identifier for the rule.
- Priority: A number between 100 and 4096. Lower numbers are processed first.
- Source: The traffic origin. Options include Any, IP Address, or Service Tag.
- Source port ranges: Specify ports or use * for all.
- Destination: The traffic destination. Options include Any, IP Address, or Service Tag.
- Destination port ranges: Specify ports or use * for all.
- Protocol: Choose TCP, UDP, or Any.
- Action: Choose Allow or Deny.
Save the Rule:
- Review the settings and click Add to save the rule.

Example Rules

Inbound Rule: Allow SSH (Port 22)

Name: Allow-SSH
Priority: 100
Source: Any
Source Port Range: *
Destination: Any
Destination Port Range: 22
Protocol: TCP
Action: Allow

Outbound Rule: Deny Internet Access

Name: Deny-Internet
Priority: 200
Source: VirtualNetwork
Source Port Range: *
Destination: Internet
Destination Port Range: *
Protocol: Any
Action: Deny

Using Azure CLI to Create NSG Rules

You can also create NSG rules using the Azure CLI:

Command to Create an NSG Rule


xxxxxxxxxx
12
1
az network nsg rule create \
2
  --resource-group <ResourceGroupName> \
3
  --nsg-name <NSGName> \
4
  --name <RuleName> \
5
  --priority <Priority> \
6
  --direction <Inbound|Outbound> \
7
  --access <Allow|Deny> \
8
  --protocol <Tcp|Udp|*|Any> \
9
  --source-address-prefixes <Source> \
10
  --source-port-ranges <SourcePorts> \
11
  --destination-address-prefixes <Destination> \
12
  --destination-port-ranges <DestinationPorts>

Example: Allow HTTPS


xxxxxxxxxx
12
1
az network nsg rule create \
2
  --resource-group MyResourceGroup \
3
  --nsg-name MyNSG \
4
  --name Allow-HTTPS \
5
  --priority 100 \
6
  --direction Inbound \
7
  --access Allow \
8
  --protocol Tcp \
9
  --source-address-prefixes * \
10
  --source-port-ranges * \
11
  --destination-address-prefixes * \
12
  --destination-port-ranges 443

Best Practices

Minimize Rules: Use as few rules as possible to simplify management.
Follow Least Privilege: Only allow necessary traffic.
Organize Priorities: Lower-priority rules take precedence over higher-priority ones.
Monitor Logs: Use NSG flow logs for monitoring and troubleshooting.

Learn about System Routes in Azure

In Azure, system routes are the default routes automati…

Know everything about Azure Virtual Network &#8…

An Azure Virtual Network (VNet) is one of the foundatio…

Detailed guide on implementing Public Load Bala…

Implementing a Public Load Balancer in Azure involves s…

What is Routing in Azure

Routing in Azure is the process of directing network tr…

Tags attached to this Post

About the Author

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.