DEV Community

Cover image for # 🛰️ Azure Networking Series — Creating a Subnet, NSG, and Securing an FTP Server Environment
Ganiyat Olagoke Adebayo
Ganiyat Olagoke Adebayo

Posted on

# 🛰️ Azure Networking Series — Creating a Subnet, NSG, and Securing an FTP Server Environment

#security #networking #azure #tutorial

In this part of the Azure project, you’re assisting an Azure Administrator with maintaining and organizing cloud resources. There’s an underutilized Linux virtual machine, and the team needs a new Linux VM that will serve as an FTP server.

Before deploying that VM, you must first prepare the network properly. The admin wants to track network flow and resource utilization for the upcoming FTP server, so you’ll start by creating a new subnet — separate from the existing one — and securing it with a Network Security Group (NSG).

This ensures better isolation, higher security, and cleaner management for SFTP/FTP-related traffic.

Let’s walk through the steps.

Step 1 — Create a New Subnet on an Existing Virtual Network (VNet)

1. Log into Azure

Go to: https://portal.azure.com

2. Open Virtual Networks

  • In the search bar, type “virtual networks”
  • Select Virtual networks under Services
  • Choose guided-project-vnet

3. Add a New Subnet

  • On the vNet blade, under Settings, select Subnets
  • Click + Subnet

  • Leave Subnet purpose as Default
  • For Name, enter: ftpSubnet
  • Leave all other settings unchanged
  • Select Add


You have successfully created a new subnet!
This subnet will be dedicated to SFTP/FTP workloads, separate from the main subnet.

Step 2 — Create a Network Security Group (NSG)

To secure the new subnet, you’ll create an NSG that controls which traffic is allowed.

1. Navigate to Network Security Groups

  • Go back to Home
  • Search for Network security groups

  • Select Network security groups under services
  • Click + Create

2. Configure the NSG

  • Confirm the correct Subscription
  • Choose Resource Group → guided-project-rg
  • Name → ftpNSG
  • Select Review + create → then Create


When deployment completes, click Go to resource.

Step 3 — Add an Inbound Security Rule

The FTP/SFTP server needs SSH traffic (Port 22), so you’ll create an allow rule.

1. Open Inbound Security Rules

  • Under Settings, select Inbound security rules

  • Click + Add

2. Configure the Rule

  • Destination port range → change from 8080 to 22
  • ProtocolTCP
  • NameftpInbound
  • Select Add


You’ve now created a network security group with SSH (port 22) allowed, suitable for an FTP/SFTP server environment.

Step 4 — Associate the NSG with the Subnet

Now link the NSG to the subnet you created earlier.

1. Navigate back to the VNet

  • Go to Home
  • Search virtual networks
  • Select guided-project-vnet

2. Apply the NSG to the Subnet

  • Under Settings, select Subnets
  • Choose ftpSubnet

  • Under Security, set Network security group → ftpNSG

  • Click Save

Done! The subnet is now protected with your NSG.

Conclusion

In this exercise, you prepared the network layer for a future FTP server by:

✔ Creating a new, isolated subnet
✔ Building a Network Security Group
✔ Adding an inbound SSH rule
✔ Associating the NSG with the subnet

This ensures the upcoming Linux FTP VM will sit in a secure, well-structured environment, with traffic carefully controlled.

You're now ready for the next step: deploying and configuring the Linux VM that will serve as your FTP server.

Top comments (0)