Configure networking

Create a Microsoft Azure virtual machine.

  • Create a security group
  • Create inbound security rules
  • Associate security rules with VM

Create a security group

  1. Sign in or return to the Microsoft Azure Portal.
  2. From the menu, select All Services and search for Resource Groups.
    Alternatively, select Resource Groups from the favorites list.
  3. Click the name of the resource group to hold the network security rule set.
  4. Click Add.
  5. Search and select Network security group.
  6. Select Create.
  7. Name the security group.
  8. Click Create and Review.
  9. Click Create.

Create inbound security rules

  1. In Settings, click Inbound security rules.
  2. Click Add.
  3. Enter the following values:
    • Destination port range: 80/443
    • Protocol: TCP
    • Name: Port80/Port443 Rule
    • Priority: 100/101

    Port 80 is optional.

  4. Click Add.
  5. Repeat to create rules for both port 80 and 443.

Associate security rules

  1. Go to HOME > VM.
  2. Click the name of Access Gateway VM.
  3. In Settings, select Subnets.
  4. Click Associate.
  5. Search and associate the security group created earlier.
  1. Create a network security using the az network nsg create command:az network nsg create --resource-group AccessGateway --location <location> --name <name>Where:
    • <location> is the region to house the security group.
    • <resource-group> is the name of the resource group created earlier.
    • <name> is the name of the new security group.

    For example:

    az network nsg create --resource-group AccessGateway --location eastus --name AGSecurityGroup

    Which produces the following results:

    { "NewNSG": { "defaultSecurityRules": [ { "destinationAddressPrefixes": [], "destinationApplicationSecurityGroups": null, . . . ]} }
  2. Add a network security rule for port 80 using the az network nsg rule create command:

    Note that port 80 is optional.

    az network nsg rule create \ --resource-group <resource-group>\ --nsg-name <network-security-group>\ --name <rule-name>\ --protocol tcp \ --priority 1000 \ --destination-port-range 80Where:
    • <resource-group> is the name of the previously created resource group.
    • <nework-security-group> is the name of the new security group.
    • <rule-name> is a name for the rule.

    For example:

    az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup \ --name Port80GroupRule --protocol tcp --priority 1000 --destination-port-range 80

    Which produces the following results:

    {- Finished "access": "Allow", "description": null, "destinationAddressPrefix": "*", . . . }
  3. Add a network security rule for port 443 using the az network nsg rule create command.

    For example:

    az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup \ --name Port443GroupRule --protocol tcp --priority 1001 --destination-port-range 443

    Which produces the following results:

    {- Finished "access": "Allow", "description": null, "destinationAddressPrefix": "*", . . . }
  4. Associate the new security group with the VM nic using the az network nic update command: az network nic update \ --resource-group <resource-group>\ --name <nic-name>\ --network-security-group <security-group-name>

    Where:

    • <resource-group> is the name of the resource group created earlier.
    • <nic-name> is the name of nic to associate the security group with.
    • <nework-security-group> is the name of the new security group.

    For example:

    # obtain the name of the nic. az vm nic list --resource-group AccessGateway --vm-name "OAG5.0vm" [{ "id": "/subscriptions/. . . /networkInterfaces/OAG5.0VMVMNic", . . . }] # Assign the security group to the nic az network nic update \ --resource-group AccessGateway\ --name OAG5.0VMMVNic --network-security-group AGSecurityGroup

    Which produces the following results:

    {{"dnsSettings": { "dnsSettings": { appliedDnsServers": [], . . . }