Configure Networking
To create an Microsoft Azure virtual machine:
- Create a security group
- Create security rules
- Associate security rules with VM
Create a security group
- Sign in or return to the Microsoft Azure Portal.
- From the menu, select All Services and search for Resource Groups.
Alternatively, select Resource Groups from the favorites list. - Click the name of the resource group to hold the network security rule set.
- Click Add.
- Search and select Network security group.
- Select Create.
- Name the security group.
- Click Create and Review.
- Click Create.
Create inbound rules
- In Settings, click Inbound security rules.
- Click Add.
- In the Add inbound security rule dialog box, specify.
Field Value Destination port range 80 / 443 Protocol
TCP
Name Port80/port 443 rule Priority
100/101
Note that port 80 is optional.
- Click Add.
- Repeat to create rules for both port 80 and 443.
Associate security rules
- Navigate to HOME > VM.
- Click the name of Access Gateway VM.
- In Settings, select Subnets.
- Click Associate.
- Search and associate the security group created earlier.
- Create a network security using the az network nsg create command:
az network nsg create --resource-group AccessGateway --location <location> --name <name>
Where:- <location> is the region to house the security group.
- <resource-group> is the name of the resource group created earlier.
- <name> is the name of the new security group.
For example:
az network nsg create --resource-group AccessGateway --location eastus --name AGSecurityGroup
Which produces the following results:
{ "NewNSG": { "defaultSecurityRules": [ { "destinationAddressPrefixes": [], "destinationApplicationSecurityGroups": null, . . . ]} } - Add a network security rule for port 80 using the az network nsg rule create command:
Note that port 80 is optional.
az network nsg rule create \ --resource-group <resource-group>\ --nsg-name <network-security-group>\ --name <rule-name>\ --protocol tcp \ --priority 1000 \ --destination-port-range 80
Where:- <resource-group> is the name of the previously created resource group.
- <nework-security-group> is the name of the new security group.
- <rule-name> is a name for the rule.
For example:
az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup \
--name Port80GroupRule --protocol tcp --priority 1000 --destination-port-range 80Which produces the following results:
{- Finished "access": "Allow", "description": null, "destinationAddressPrefix": "*", . . . } - Add a network security rule for port 443 using the az network nsg rule create command.
For example:
az network nsg rule create --resource-group AccessGateway --nsg-name AGSecurityGroup \
--name Port443GroupRule --protocol tcp --priority 1001 --destination-port-range 443Which produces the following results:
{- Finished "access": "Allow", "description": null, "destinationAddressPrefix": "*", . . . } - Associate the new security group with the VM nic using the az network nic update command:
az network nic update \
--resource-group <resource-group>\
--name <nic-name>\
--network-security-group <security-group-name>
Where:- <resource-group> is the name of the resource group created earlier.
- <nic-name> is the name of nic to associate the security group with.
- <nework-security-group> is the name of the new security group.
For example:# obtain the name of the nic. az vm nic list --resource-group AccessGateway --vm-name "OAG5.0vm" [{ "id": "/subscriptions/. . . /networkInterfaces/OAG5.0VMVMNic", . . . }] # Assign the security group to the nic az network nic update \ --resource-group AccessGateway\ --name OAG5.0VMMVNic --network-security-group AGSecurityGroup
Which produces the following results:{{"dnsSettings": { "dnsSettings": { appliedDnsServers": [], . . . }