6_Managing Port Rules in Azure Network Security Group - Nirvan-Pandey/Azure_DOC GitHub Wiki
6_1: Introduction
Managing port rules in Azure Network Security Groups (NSGs) is crucial for securing virtual machines and other resources. An NSG is attached to a subnet or a network interface and filters inbound and outbound
traffic using rules that match on source, destination, protocol and port, so that only authorized communication reaches or leaves the resource.
6_2: Understanding NSG Rules
Inbound Rules - Define which traffic is allowed (or denied) into Azure resources.
Outbound Rules - Define which traffic is allowed (or denied) to leave Azure resources.
Priority - Each custom rule has a number from 100 to 4096. Rules are evaluated in ascending order and the first match wins, so a lower number means higher precedence; once a rule matches, no later rule is consulted.
Default Rules - Every NSG ships with default rules at priorities 65000 to 65500 that cannot be deleted but can be overridden by any custom rule with a lower number. Inbound, they allow traffic from within the virtual network (VirtualNetwork tag) and from the Azure load balancer, then deny everything else; outbound, they allow traffic to the virtual network and to the Internet, then deny everything else. "Deny all inbound" therefore does not apply to traffic from other subnets in the same virtual network, and "allow all outbound" stays in force, unless you add explicit deny rules above the defaults.
6_3: Creating and Configuring NSG Rules
Step 1: Navigation
Here we will create the rules for the Application Server.
In the Azure portal go to Application Server-->Networking-->Rules-->Create Port Rules and pick the direction (inbound or outbound) of the rule you are adding.
Step 2: Add Inbound Rules
Available Subnets (the Web, App and DB subnets used in the rules below)
- Allow HTTP traffic (TCP 80) from the Load Balancer, API Gateway, or other specific trusted sources, not from the Bastion. The Bastion subnet should only ever be a source for management ports (SSH 22 / RDP 3389), never for application ports.
- If HTTPS is used, allow TCP 443 instead (or in addition to 80, if the front end redirects HTTP to HTTPS).
- Database ports (e.g., MySQL 3306, SQL Server 1433, Oracle 1521) do not belong in the Application Server's inbound rules, because the App Server is the client that opens the connection. The inbound allow for the DB port goes on the Database Server's NSG, with its source restricted to the App Server subnet; on the App Server it is an outbound rule (Step 3).
Step 3: Add Outbound Rules
- Rule 1: Access to the Database Subnet: allow TCP 1521 (Oracle) from the App Subnet to the DB Subnet.
- Rule 2: Access to the Web Subnet: allow TCP 80 (and 443 if the front end is served over HTTPS) from the App Subnet to the Web Subnet.
Note that an outbound allow rule changes nothing on its own, because the default rules already allow all outbound traffic to the virtual network (65000) and to the Internet (65001). To actually restrict what the App Server can reach, add a Deny rule for all outbound traffic with a priority number higher than your allow rules but lower than 65000 (for example 4000); then only the explicitly allowed destinations remain reachable.
6_4: Final Configuration for the Application Server
✅ Inbound Rules (traffic allowed to reach the App Server)
- Allow TCP 80/443 (HTTP/HTTPS) from the Web Subnet (Load Balancers, API Gateway, or other trusted sources) to the App Subnet.
  Reason: this is the path by which external users reach the application through the Load Balancer. Anything else arriving from the Internet falls through to the default DenyAllInBound rule.
✅ Outbound Rules (traffic the App Server is allowed to initiate)
- Allow TCP 80/443 from the App Subnet to the Web Subnet (if needed).
  Reason: required only if the app server needs to call a front-end service or API in the Web Subnet.
- Allow TCP 1521 from the App Subnet to the DB Subnet.
  Reason: the app server needs the database connection for application logic and data processing. Scope the destination to the DB Subnet (or the DB server's address) rather than "Any", so a compromised app server cannot use the rule to reach other hosts on the same port.
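To make the evaluation order from 6_2 and the final App Server rule set from 6_4 concrete, here is an added example that models how an NSG decides a flow: rules are sorted by priority and the first match wins. It is illustrative code written for this wiki page, not Azure's implementation and not code from the Azure_DOC project; the address plan (10.0.0.0/16 with /24 Web, App and DB subnets), the rule names, and the simplified handling of the VirtualNetwork, Internet and AzureLoadBalancer service tags are all assumptions chosen to match the tiers described above. It also shows why the page's allow rules are not enough on their own: with only the defaults, SSH from the DB subnet and HTTPS to the Internet are still allowed, and a hardened variant with explicit denies at priority 4000 closes both.

```python
"""Model of how an Azure NSG evaluates a flow against its rules.

Added example for this wiki page; not Azure code and it never calls Azure.
Rules are checked in ascending priority order and the first match decides.
The address plan, subnet names, rule names and service-tag handling below are
assumptions that mirror the Web / App / DB tiers discussed on the page.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional

# Assumed (constructed) address plan; the page gives no CIDRs.
SUBNETS = {
    "WebSubnet": ip_network("10.0.1.0/24"),
    "AppSubnet": ip_network("10.0.2.0/24"),
    "DbSubnet": ip_network("10.0.3.0/24"),
}
VNET = ip_network("10.0.0.0/16")              # VirtualNetwork tag (simplified)
AZURE_LB_PROBE = ip_address("168.63.129.16")  # AzureLoadBalancer tag


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                    # 100-4096 custom; 65000+ Azure defaults
    direction: str                   # "Inbound" or "Outbound"
    access: str                      # "Allow" or "Deny"
    protocol: str                    # "Tcp", "Udp" or "*"
    source: str                      # subnet name, service tag, CIDR or "*"
    destination: str
    ports: Optional[FrozenSet[int]]  # destination ports; None means "*"


def _addr_matches(prefix: str, ip) -> bool:
    """Resolve a rule's address field (service tag, subnet name or CIDR)."""
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return ip in VNET
    if prefix == "Internet":
        return ip not in VNET        # simplification: anything outside the VNet
    if prefix == "AzureLoadBalancer":
        return ip == AZURE_LB_PROBE
    if prefix in SUBNETS:
        return ip in SUBNETS[prefix]
    return ip in ip_network(prefix)


def _rule_matches(rule: Rule, direction, src, dst, protocol, port) -> bool:
    return (rule.direction == direction
            and rule.protocol in ("*", protocol)
            and _addr_matches(rule.source, src)
            and _addr_matches(rule.destination, dst)
            and (rule.ports is None or port in rule.ports))


def evaluate(rules, direction, src_ip, dst_ip, protocol, port):
    """Return (access, rule_name) of the first matching rule by priority."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if _rule_matches(rule, direction, src, dst, protocol, port):
            return rule.access, rule.name
    raise AssertionError("an NSG always ends in a catch-all default rule")


# Azure's built-in default rules (priorities 65000-65500, cannot be deleted).
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", None),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", None),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", None),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", None),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "Internet", None),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", None),
]

# The App Server rules from section 6_4 as custom rules (rule names assumed).
APP_SERVER_RULES = [
    Rule("AllowWebToApp-HTTP", 100, "Inbound", "Allow", "Tcp", "WebSubnet", "AppSubnet", frozenset({80, 443})),
    Rule("AllowAppToDb-Oracle", 100, "Outbound", "Allow", "Tcp", "AppSubnet", "DbSubnet", frozenset({1521})),
    Rule("AllowAppToWeb-HTTP", 110, "Outbound", "Allow", "Tcp", "AppSubnet", "WebSubnet", frozenset({80, 443})),
]
APP_NSG = DEFAULT_RULES + APP_SERVER_RULES

# Hardened variant: explicit denies placed above the permissive defaults, so the
# allow rules actually constrain traffic instead of duplicating 65000/65001.
HARDENED_NSG = APP_NSG + [
    Rule("DenyVnetInBound", 4000, "Inbound", "Deny", "*", "VirtualNetwork", "*", None),
    Rule("DenyAllOutBoundCustom", 4000, "Outbound", "Deny", "*", "*", "*", None),
]

if __name__ == "__main__":
    flows = [
        ("Inbound", "10.0.1.10", "10.0.2.10", "Tcp", 443),     # web tier -> app
        ("Inbound", "203.0.113.5", "10.0.2.10", "Tcp", 443),   # internet -> app
        ("Inbound", "10.0.3.10", "10.0.2.10", "Tcp", 22),      # db host -> app SSH
        ("Inbound", "168.63.129.16", "10.0.2.10", "Tcp", 443), # LB health probe
        ("Outbound", "10.0.2.10", "10.0.3.10", "Tcp", 1521),   # app -> db
        ("Outbound", "10.0.2.10", "8.8.8.8", "Tcp", 443),      # app -> internet
    ]
    for label, rules in (("page config", APP_NSG), ("hardened", HARDENED_NSG)):
        for flow in flows:
            print(f"{label:11} {flow} -> {evaluate(rules, *flow)}")
```

Run it and compare the two result sets: the page's configuration allows the SSH flow from the DB subnet (matched by AllowVnetInBound) and the outbound HTTPS to 8.8.8.8 (matched by AllowInternetOutBound), while the hardened set denies both and still lets the load balancer probe through, because the AzureLoadBalancer source is not covered by the VirtualNetwork deny.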