17 ‐ Internet_Gateway_In_Azure - SanjeevOCI/Azure GitHub Wiki
🌐 Internet Gateway in Azure
This lab demonstrates how to control outbound internet access from an Azure Virtual Machine (VM) by configuring Network Security Group (NSG) rules. Specifically, it shows how to restrict access to only specific IP addresses, such as a particular Google IP.
🧱 Scenario: Restricting VM's Internet Access to a Specific IP
By default, when a VM is created in a public subnet with an associated public IP, it has unrestricted outbound internet access. To limit this access to a specific IP address, follow the steps below.
🔹 Step 1: Review Default Network Settings
- Virtual Network (VNet): A VNet is created with a public subnet.
- Virtual Machine (VM): A VM is deployed within this subnet.
- Network Settings: By default, the VM can access the internet without restrictions.
📷 Refer to Screenshot 1: VNet Configuration
📷 Refer to Screenshot 2: VM Deployment
📷 Refer to Screenshot 3: Default Network Settings
🔹 Step 2: Test Internet Connectivity
- Open a terminal on the VM.
- Ping google.com to verify internet connectivity.
ping google.com
📷 Refer to Screenshot 4: Successful Ping to google.com
To allow the VM to reach only a specific Google IP, we have to override this default outbound access by adding the port rules below in the VM's Network Settings.
- First, add a Deny Any outbound rule, which overrides the default outbound access.
After adding this rule, we can no longer ping google.com.
- Next, add the rule below to allow the specific Google IP that we want to reach on the internet.
With the specific Google IP added to the rule, we can now ping that specific IP.
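The two rules above only work together if the allow rule has a lower priority number than the deny rule, because an NSG applies the first matching rule in priority order. The following added example (not part of the original wiki) models that evaluation in simplified form, matching on destination only; the rule names, the priorities 100/200/300 and the documentation-range addresses are constructed placeholders, not values from the lab.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int     # lower number = evaluated first (custom rules: 100-4096)
    name: str
    destination: str  # CIDR, or "*" for any destination
    access: str       # "Allow" or "Deny"

# Simplified stand-ins for Azure's built-in outbound defaults
# (the real AllowInternetOutBound targets the Internet service tag, not "*").
DEFAULTS = [
    Rule(65001, "AllowInternetOutBound", "*", "Allow"),
    Rule(65500, "DenyAllOutBound", "*", "Deny"),
]

def _matches(rule, ip):
    return rule.destination == "*" or ip in ipaddress.ip_network(rule.destination)

def evaluate(custom_rules, dest_ip):
    """Return (access, rule name) of the first rule, in priority order, that matches."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in sorted(list(custom_rules) + DEFAULTS, key=lambda r: r.priority):
        if _matches(rule, ip):
            return rule.access, rule.name
    raise RuntimeError("unreachable: DenyAllOutBound matches every destination")

def shadowed_allows(custom_rules):
    """Allow rules that can never take effect because a catch-all Deny precedes them."""
    denies = [r.priority for r in custom_rules if r.access == "Deny" and r.destination == "*"]
    first_deny = min(denies, default=None)
    return [r.name for r in custom_rules
            if r.access == "Allow" and first_deny is not None and r.priority > first_deny]

# Constructed placeholders: rule names, priorities and documentation-range addresses.
ALLOWED_IP, OTHER_IP = "203.0.113.10", "198.51.100.7"
DENY_ALL = Rule(200, "DenyAnyOutbound", "*", "Deny")
LAB_RULES = [Rule(100, "AllowOneIpOutbound", ALLOWED_IP + "/32", "Allow"), DENY_ALL]
MISORDERED = [Rule(300, "AllowOneIpOutbound", ALLOWED_IP + "/32", "Allow"), DENY_ALL]

if __name__ == "__main__":
    for label, rules in [("defaults only", []), ("deny only", [DENY_ALL]),
                         ("lab rules", LAB_RULES), ("misordered", MISORDERED)]:
        print(label, {ip: evaluate(rules, ip) for ip in (ALLOWED_IP, OTHER_IP)},
              "shadowed:", shadowed_allows(rules))
```

In the misordered case the allow rule exists but is never reached, which is the usual reason the allowed IP stays unreachable after both rules are added.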
Scenario 2: Reaching the VM from Personal Laptop Only
To connect to the VM from only our personal laptop, we have to add a rule and set its source to our IP only.
Now we can connect to the VM only from our personal laptop.