Configure Networking

To create an Microsoft Azure virtual machine:

  • Create a security group
  • Create Security Rules
  • Associate Security Rules with VM

Create a security group

  1. Login or return to the Microsoft Azure Portal.
  2. In the upper left corner menu select All Services and search for Resource GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
    Alternatively select Resource Groups from the favorites list.
  3. Click the name of the resource group to hold the network security rule set.
  4. Click Add, then search for and select Network security group.
  5. Select Create.
  6. Name the security group.
  7. Click Create and Review.
  8. Click Create.

Create inbound rules

  1. Under Settings, click Inbound security rules.
  2. Click Add.
  3. In the Add inbound security rule dialog specify.
    FieldValue
    Destination port range80 / 443

    Protocol

    TCP

    NamePort80/port 443 rule

    Priority

    100/101

  4. Click Add.
  5. Repeat to create rules for both port 80 and 443.

Associate Security Rules

  1. Navigate to the HOME > VMs.
  2. Click the name of Access Gateway VM.
  3. In Settings, select Subnets.
  4. Click Associate.
  5. Search for and associate the previously created security group.
  1. Create a network security using the az network nsg create command:
    az network nsg create --resource-group AccessGateway --location <location> --name <name>

    Where:
    • <location> is the region to house the security group.
    • <resource-group> is the name of the previously created resource group.
    • <name> is the name of the new security group.

    For example:

    az network nsg create --resource-group AccessGateway --location eastus --name AGSecurityGroup 

    Which will produce results similar to:

    { "NewNSG": {
       "defaultSecurityRules": [
       {
      "destinationAddressPrefixes": [],
      "destinationApplicationSecurityGroups": null,
       . . . ]}
    }	
  2. Add a network security rule for port 80 the az network nsg rule create command:
    az network nsg rule create \
    --resource-group <resource-group>\
    --nsg-name <network-security-group>\
    --name <rule-name>\
    --protocol tcp \
    --priority 1000 \
    --destination-port-range 80

    Where:
    • <resource-group> is the name of the previously created resource group
    • <nework-security-group> is the name of the new security group
    • <rule-name> is a name for the rule

    For example:

    az network nsg rule create --resource-group AccessGateway  --nsg-name AGSecurityGroup    \
    --name Port80GroupRule --protocol tcp --priority 1000 --destination-port-range 80

    Which will produce results similar to:

    {- Finished 
        "access": "Allow",
        "description": null,
        "destinationAddressPrefix": "*",
        . . . 
    }	
  3. Add a network security rule for port 443 the az network nsg rule create command.

    For example:

    az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup    \
    --name Port443GroupRule --protocol tcp --priority 1001 --destination-port-range 443

    Which will produce results similar to:

    {- Finished 
        "access": "Allow",
        "description": null,
        "destinationAddressPrefix": "*",
        . . . 
    }	
  4. Associate the new security group with the VM nic using the az network nic update command:
    az network nic update \
    --resource-group <resource-group>\
    --name <nic-name>\
    --network-security-group <security-group-name>
    Where:
    • <resource-group> is the name of the previously created resource group
    • <nic-name> is the name of nic to associate the security group with
    • <nework-security-group> is the name of the new security group

    For example:

    # obtain the name of the nic.
    az vm nic list --resource-group AccessGateway --vm-name "OAG5.0vm"
    [{
     "id": "/subscriptions/. . . /networkInterfaces/OAG5.0VMVMNic",
         . . .
    }]
    
    # Assign the security group to the nic
    az network nic update \
        --resource-group AccessGateway\
        --name OAG5.0VMMVNic
        --network-security-group AGSecurityGroup 
    							

    Which will produce results similar to:

    {{"dnsSettings": {
    "dnsSettings": {
    appliedDnsServers": [],
    . . .
    }

See Also

Top