Configure networking

Create a Microsoft Azure virtual machine, a security group, and inbound security rules, then associate the security rules with the virtual machine.

Create a security group

  1. Sign in to the Microsoft Azure Portal.
  2. From the menu, select All Services and search for Resource Groups. Alternatively, select Resource Groups from the favorites list.
  3. Click the name of the resource group where you want to add the network security rule set.
  4. Click Add.
  5. Search and select Network security group.
  6. Select Create.
  7. Name the security group.
  8. Click Create and Review.
  9. Click Create.

Create inbound security rules

  1. In Settings, click Inbound security rules.
  2. Click Add.
  3. Enter the following values:
    • Destination port range: 80/443
    • Protocol: TCP
    • Name: Port80/Port443 Rule
    • Priority: 100/101

    Port 80 is optional.

  4. Click Add.
  5. Repeat these steps to create rules for ports 80 and 443.

Associate security rules

  1. Go to HOME > VM.
  2. Click the name of Access Gateway virtual machine.
  3. In Settings, select Subnets.
  4. Click Associate.
  5. Search for the security group that you created earlier and associate it with the virtual machine.
  1. Create a network security using the az network nsg create command:

    az network nsg create --resource-group AccessGateway --location <location> --name <name>

    • <location> is the region to house the security group.
    • <resource-group> is the name of the resource group that you created earlier.
    • <name> is the name of the new security group.

    Here is an example of the az network nsg create command with the parameters populated with values:

    az network nsg create --resource-group AccessGateway --location eastus --name AGSecurityGroup

    When you run the az network nsg create command, the following results appear:

    { "NewNSG": { "defaultSecurityRules": [ { "destinationAddressPrefixes": [], "destinationApplicationSecurityGroups": null, . . . ]} }

  2. Add a network security rule for port 80 using the az network nsg rule create command. Port 80 is optional:

    az network nsg rule create \ --resource-group <resource-group>\ --nsg-name <network-security-group>\ --name <rule-name>\ --protocol tcp \ --priority 1000 \ --destination-port-range 80

    • <resource-group> is the name of the previously created resource group.
    • <nework-security-group> is the name of the new security group.
    • <rule-name> is a name for the rule.

    Here is an example of the az network nsg rule create command with the parameters populated with values:

    az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup \ --name Port80GroupRule --protocol tcp --priority 1000 --destination-port-range 80

    When you run the az network nsg rule create command, the following results appear:

    {- Finished "access": "Allow", "description": null, "destinationAddressPrefix": "*", . . . }

  3. Add a network security rule for port 443 using the az network nsg rule create command:

    az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup \ --name Port443GroupRule --protocol tcp --priority 1001 --destination-port-range 443

    When you run the az network nsg rule create command, the following results appear:

    {- Finished "access": "Allow", "description": null, "destinationAddressPrefix": "*", . . . }
  4. Associate the new security group with the VM nic using the az network nic update command:

    az network nic update \ --resource-group <resource-group>\ --name <nic-name>\ --network-security-group <security-group-name>

    • <resource-group> is the name of the resource group created earlier.
    • <nic-name> is the name of nic to associate the security group with.
    • <nework-security-group> is the name of the new security group.

    Here's an example of the az network nic update command with the parameters populated with values:

    # obtain the name of the nic. az vm nic list --resource-group AccessGateway --vm-name "OAG5.0vm" [{ "id": "/subscriptions/. . . /networkInterfaces/OAG5.0VMVMNic", . . . }] # Assign the security group to the nic az network nic update \ --resource-group AccessGateway\ --name OAG5.0VMMVNic --network-security-group AGSecurityGroup

    When you run the az network nic update command, the following results appear:

    {{"dnsSettings": { "dnsSettings": { appliedDnsServers": [], . . . }