20_Internet_Gateway_Control_In Azure - Nirvan-Pandey/Azure_DOC GitHub Wiki
20_1 Internet Gateway Control in Azure
This GitHub lab demonstrates how to control outbound internet access and inbound VM access using Azure Network Security Group (NSG) rules. This hands-on guide focuses on two main use cases:
- Restricting internet access for a VM to a specific IP address (e.g., a known Google IP)
- Allowing VM access (SSH/RDP) from only your personal device
20_2: Introduction
In many enterprise or secure personal environments, it's important to restrict open internet access from cloud VMs. By default, any VM deployed with a public IP in Azure can reach any address on the internet. In this lab, we configure the NSG to:
- Block all internet traffic
- Allow only specific trusted IPs
- Limit who can access the VM from outside
20_3: Default Network Setup
- Virtual Network (VNet): Created with one public subnet
- Virtual Machine (VM): Deployed in this public subnet
- Network Security Group (NSG): Associated with the VM NIC or subnet
20_4: Test Initial Internet Access
- Log in to the VM and run:
ping google.com
You should get successful replies.
20_5: Deny All Outbound Access
Add an NSG rule to deny all outbound traffic:
- Priority: 310
- Source/Destination: Any
- Port: *
- Action: Deny
- Now try pinging again:
ping google.com
🚫 Ping should fail.
20_6: Allow Specific IP Only
- Add a new NSG rule before the deny rule (a lower priority number, so it is evaluated first):
  - Priority: 304
  - Destination: e.g., 8.8.8.8 (Google DNS)
  - Port: *
  - Action: Allow
- Test it:
ping 8.8.8.8
This should succeed.
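The rule ordering from 20_5 and 20_6, modelled as an added example (not part of the original lab): a small first-match evaluator showing why the allow rule at priority 304 must sit ahead of the deny rule at 310. The rule names, the 10.0.0.0/16 VNet range, the sample destinations and the simplified handling of the VirtualNetwork and Internet service tags are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")  # assumed address space of the lab VNet

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number = evaluated first
    dest: str       # CIDR, "*", or a simplified service tag
    access: str     # "Allow" or "Deny"

# Default outbound rules Azure adds to every NSG.
DEFAULT_OUTBOUND = [
    Rule("AllowVnetOutBound", 65000, "VirtualNetwork", "Allow"),
    Rule("AllowInternetOutBound", 65001, "Internet", "Allow"),
    Rule("DenyAllOutBound", 65500, "*", "Deny"),
]

# The lab's custom rules; the rule names are hypothetical.
LAB_RULES = [
    Rule("Allow-GoogleDNS", 304, "8.8.8.8/32", "Allow"),
    Rule("Deny-All-Outbound", 310, "*", "Deny"),
]
# Same rules, but the allow rule placed after the deny rule by mistake.
MISORDERED = [Rule("Allow-GoogleDNS", 320, "8.8.8.8/32", "Allow"), LAB_RULES[1]]

def matches(rule, dst):
    ip = ip_address(dst)
    if rule.dest == "*":
        return True
    if rule.dest == "VirtualNetwork":   # simplified: only the VNet's own range
        return ip in VNET
    if rule.dest == "Internet":         # simplified: anything outside the VNet
        return ip not in VNET
    return ip in ip_network(rule.dest)

def evaluate(custom_rules, dst):
    """Return (access, rule name) for the first rule that matches dst."""
    for rule in sorted(custom_rules + DEFAULT_OUTBOUND, key=lambda r: r.priority):
        if matches(rule, dst):
            return rule.access, rule.name

if __name__ == "__main__":
    # 203.0.113.10 and 10.0.0.5 are constructed sample destinations.
    for dst in ("8.8.8.8", "203.0.113.10", "10.0.0.5"):
        print("lab rules :", dst, evaluate(LAB_RULES, dst))
    print("no rules  :", "203.0.113.10", evaluate([], "203.0.113.10"))
    print("misordered:", "8.8.8.8", evaluate(MISORDERED, "8.8.8.8"))
```

The 10.0.0.5 result is worth noting: an any-to-any deny at priority 310 is evaluated before the default AllowVnetOutBound rule (65000), so it blocks traffic inside the VNet as well as to the internet.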
20_7: Restrict Inbound Access to Your Personal IP
- To restrict RDP/SSH access:
  - Find your public IP (use https://whatismyip.com/)
  - Add an inbound rule with:
    - Priority: 100
    - Source: Your IP
    - Port: 22 (SSH) or 3389 (RDP)
    - Action: Allow
We are able to open the VM from my laptop IP and are able to ping Google.
🧪 20_8: Final Verification
- VM can access only the allowed IP (e.g., 8.8.8.8)
- SSH or RDP access is restricted to your device
- All other outbound access is blocked
20_9: Conclusion
This lab helps you simulate a secure environment by creating granular egress and ingress control using Azure NSG rules. It is ideal for scenarios where controlled internet access and limited administrative entry are required.