Configure Networking

To create an Microsoft Azure virtual machine:

  • Create a security group
  • Create security rules
  • Associate security rules with VM

Create a security group

  1. Sign in or return to the Microsoft Azure Portal.
  2. From the menu, select All Services and search for Resource Groups.
    Alternatively, select Resource Groups from the favorites list.
  3. Click the name of the resource group to hold the network security rule set.
  4. Click Add.
  5. Search and select Network security group.
  6. Select Create.
  7. Name the security group.
  8. Click Create and Review.
  9. Click Create.

Create inbound rules

  1. In Settings, click Inbound security rules.
  2. Click Add.
  3. In the Add inbound security rule dialog box, specify.
    FieldValue
    Destination port range80 / 443

    Protocol

    TCP

    NamePort80/port 443 rule

    Priority

    100/101

  4. Click Add.
  5. Repeat to create rules for both port 80 and 443.

Associate security rules

  1. Navigate to HOME > VM.
  2. Click the name of Access Gateway VM.
  3. In Settings, select Subnets.
  4. Click Associate.
  5. Search and associate the security group created earlier.
  1. Create a network security using the az network nsg create command:
    az network nsg create --resource-group AccessGateway --location <location> --name <name>

    Where:
    • <location> is the region to house the security group.
    • <resource-group> is the name of the resource group created earlier.
    • <name> is the name of the new security group.

     

    For example:

    az network nsg create --resource-group AccessGateway --location eastus --name AGSecurityGroup 

     

    Which produces the following results:

    { "NewNSG": {
       "defaultSecurityRules": [
       {
      "destinationAddressPrefixes": [],
      "destinationApplicationSecurityGroups": null,
       . . . ]}
    }	
     
  2. Add a network security rule for port 80 using the az network nsg rule create command:
    az network nsg rule create \
    --resource-group <resource-group>\
    --nsg-name <network-security-group>\
    --name <rule-name>\
    --protocol tcp \
    --priority 1000 \
    --destination-port-range 80

    Where:
    • <resource-group> is the name of the previously created resource group.
    • <nework-security-group> is the name of the new security group.
    • <rule-name> is a name for the rule.

     

    For example:

    az network nsg rule create --resource-group AccessGateway  --nsg-name AGSecurityGroup    \
    --name Port80GroupRule --protocol tcp --priority 1000 --destination-port-range 80

     

    Which produces the following results:

    {- Finished 
        "access": "Allow",
        "description": null,
        "destinationAddressPrefix": "*",
        . . . 
    }	
     
  3. Add a network security rule for port 443 using the az network nsg rule create command.

    For example:

    az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup    \
    --name Port443GroupRule --protocol tcp --priority 1001 --destination-port-range 443

     

    Which produces the following results:

    {- Finished 
        "access": "Allow",
        "description": null,
        "destinationAddressPrefix": "*",
        . . . 
    }	
     
  4. Associate the new security group with the VM nic using the az network nic update command:
    az network nic update \
    --resource-group <resource-group>\
    --name <nic-name>\
    --network-security-group <security-group-name>

    Where:
    • <resource-group> is the name of the resource group created earlier.
    • <nic-name> is the name of nic to associate the security group with.
    • <nework-security-group> is the name of the new security group.


    For example:

    # obtain the name of the nic.
    az vm nic list --resource-group AccessGateway --vm-name "OAG5.0vm"
    [{
     "id": "/subscriptions/. . . /networkInterfaces/OAG5.0VMVMNic",
         . . .
    }]
    
    # Assign the security group to the nic
    az network nic update \
        --resource-group AccessGateway\
        --name OAG5.0VMMVNic
        --network-security-group AGSecurityGroup 
    							


    Which produces the following results:

    {{"dnsSettings": {
    "dnsSettings": {
    appliedDnsServers": [],
    . . .
    }