20_Internet_Gateway_Control_In Azure - Nirvan-Pandey/Azure_DOC GitHub Wiki

20_1: Internet Gateway Control in Azure

This GitHub lab demonstrates how to control outbound internet access and inbound VM access using Azure Network Security Group (NSG) rules. This hands-on guide focuses on two main use cases:

  • Restricting internet access for a VM to a specific IP address (e.g., a known Google IP)

  • Allowing VM access (SSH/RDP) from only your personal device

20_2: Introduction

In many enterprise or secure personal environments, it's important to restrict open internet access from cloud VMs. By default, any VM deployed with a public IP in Azure can reach any address on the internet. In this lab, we configure the NSG to:

  • Block all internet traffic

  • Allow only specific trusted IPs

  • Limit who can access the VM from outside

20_3: Default Network Setup

  • Virtual Network (VNet): Created with one public subnet

  • Virtual Machine (VM): Deployed in this public subnet

  • Network Security Group (NSG): Associated with the VM NIC or subnet

20_4: Test Initial Internet Access

  • Log in to the VM and run:

ping google.com

✅ You should get successful replies.

❌ 20_5: Deny All Outbound Access

Add an NSG rule to deny all outbound traffic:

  • Priority: 310

  • Source/Destination: Any

  • Port: *

  • Action: Deny

  • Now try pinging again:

ping google.com

🚫 Ping should fail.

✅ 20_6: Allow Specific IP Only

  • Add a new outbound NSG rule with a lower priority number than the deny rule, so that it is evaluated first:

  • Priority: 304

  • Destination: e.g., 8.8.8.8 (Google DNS)

  • Port: *

  • Action: Allow

  • Test it:

ping 8.8.8.8

✅ This should succeed.

🔐 20_7: Restrict Inbound Access to Your Personal IP

  • Add an inbound rule with:

  • Priority: 100

  • Source: Your IP

  • Port: 22 (SSH) or 3389 (RDP)

  • Action: Allow

We are able to open the VM from my laptop IP and are able to ping Google.

🧪 20_8: Final Verification

  • VM can access only the allowed IP (e.g., 8.8.8.8)

  • SSH or RDP access is restricted to your device

  • All other outbound access is blocked
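
The rule set built in 20_5 to 20_7, modelled as an added Python example (not part of the original lab) to show the first-match evaluation, lowest priority number first, that lets rule 304 win over rule 310. `MY_IP`, `OTHER` and `VM_IP` are constructed placeholder addresses; protocol matching is left out and the Azure default rules are simplified by treating their service tags as Any.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first
    direction: str     # "Inbound" or "Outbound"
    source: str        # CIDR prefix, or "*" for Any
    destination: str   # CIDR prefix, or "*" for Any
    port: str          # one port number, or "*" for Any
    action: str        # "Allow" or "Deny"

def _ip_match(prefix, ip):
    return prefix == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def evaluate(rules, direction, src, dst, port=None):
    """Return (action, priority) of the first matching rule; port=None means ICMP (ping)."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == direction and _ip_match(r.source, src)
                and _ip_match(r.destination, dst)
                and r.port in ("*", str(port))):
            return r.action, r.priority
    return "Deny", None  # not reached while the default rules are present

MY_IP = "203.0.113.10"   # constructed placeholder for "Your IP"
OTHER = "198.51.100.20"  # constructed placeholder for any other internet host
VM_IP = "10.0.0.4"       # constructed private address of the VM

RULES = [
    Rule(100, "Inbound", MY_IP + "/32", "*", "22", "Allow"),   # 20_7
    Rule(304, "Outbound", "*", "8.8.8.8/32", "*", "Allow"),    # 20_6
    Rule(310, "Outbound", "*", "*", "*", "Deny"),              # 20_5
    # Azure default rules relevant to internet traffic; service tags simplified to Any
    Rule(65001, "Outbound", "*", "*", "*", "Allow"),           # AllowInternetOutBound
    Rule(65500, "Inbound", "*", "*", "*", "Deny"),             # DenyAllInBound
    Rule(65500, "Outbound", "*", "*", "*", "Deny"),            # DenyAllOutBound
]

# Same rules, but with the allow rule placed after the deny rule (priority 320).
MISORDERED = [replace(r, priority=320) if r.priority == 304 else r for r in RULES]

if __name__ == "__main__":
    print(evaluate(RULES, "Outbound", VM_IP, "8.8.8.8"))       # ping 8.8.8.8
    print(evaluate(RULES, "Outbound", VM_IP, OTHER, 443))      # any other destination
    print(evaluate(RULES, "Inbound", MY_IP, VM_IP, 22))        # SSH from your device
    print(evaluate(RULES, "Inbound", OTHER, VM_IP, 22))        # SSH from elsewhere
    print(evaluate(MISORDERED, "Outbound", VM_IP, "8.8.8.8"))  # allow rule never reached
```
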

📘 20_9: Conclusion

This lab helps you simulate a secure environment by creating granular egress and ingress control using Azure NSG rules. It is ideal for scenarios where controlled internet access and limited administrative entry are required.