daniel shaibu

Create and Configure Network Security Groups (NSGs)

This exercise focuses on securing traffic inside app‑vnet by using Network Security Groups (NSGs) and Application Security Groups (ASGs). You’ll create rules for frontend web servers and backend database servers, then deploy two VMs to test the configuration.

Scenario
Your organization needs tighter control over traffic inside the virtual network. The requirements are:

  • Frontend subnet hosts web servers accessible from the internet
  • These servers must be grouped using an Application Security Group (ASG)
  • Backend subnet hosts database servers
  • Backend traffic must only be reachable from the frontend servers
  • Two Ubuntu VMs (VM1 and VM2) will be deployed for testing

Step-by-Step Instructions
1. Deploy the Required Virtual Machines
The lab provides an ARM template to deploy VM1 (frontend) and VM2 (backend).

  1. Open Azure Cloud Shell (PowerShell).
  2. Run the deployment command:


  3. Create two VMs (vm1 and vm2), Windows and Ubuntu respectively.

2. Create the Application Security Group (ASG)

  1. In the Azure portal, search for Application security groups.

  2. Select + Create.

  3. Configure:
    Resource group: RG1
    Name: app-frontend-asg
    Region: Norway East

3. Associate the ASG with VM1

  1. Open VM1 in the Azure portal.

  2. Go to Networking → Application security groups.

  3. Select Add application security groups.

  4. Choose app-frontend-asg → Add.

This step ensures VM1 is part of the frontend ASG, as required in the exercise.

4. Create the Network Security Group (NSG)

  1. Search for Network security groups.

  2. Select + Create.

  3. Configure:
    Resource group: RG1
    Name: app-vnet-nsg
    Region: Norway East

  4. Select Review + create, then Create.

5. Associate the NSG with the Backend Subnet

  1. Open app-vnet-nsg.

  2. Go to Subnets → + Associate.

  3. Select:
    • Virtual network: app‑vnet
    • Subnet: backend

  4. Select OK.

6. Create the NSG Rule to Allow Frontend → Backend Traffic

  1. Open app-vnet-nsg.

  2. Go to Inbound security rules → + Add.

  3. Configure the rule:
    Source: Application security group
    Source ASG: app-frontend-asg
    Destination: Any
    Service: SSH (as defined in the lab)
    Action: Allow
    Priority: 100
    Name: AllowSSH

  4. Save the rule.
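
The exercise's rule set, evaluated the way an NSG processes inbound traffic (lowest priority number first, first match wins, Azure's three default rules last). This is an added example, not part of the original post or the lab. It models only the source and the destination port; OTHER_VM, the port 3306 test case and the DenyVnetInbound rule at priority 4096 are assumptions that do not appear in the exercise.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    source: str    # "Any", a service tag, or an ASG name
    port: object   # destination port number, or "Any"
    action: str    # "Allow" or "Deny"

# The rule created in step 6 (Service: SSH is TCP port 22).
ALLOW_SSH = Rule("AllowSSH", 100, "app-frontend-asg", 22, "Allow")

# Default inbound rules present in every Azure NSG.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "Any", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "Any", "Allow"),
    Rule("DenyAllInBound", 65500, "Any", "Any", "Deny"),
]

# Assumption: a rule that is NOT in the lab, added here for comparison only.
DENY_VNET = Rule("DenyVnetInbound", 4096, "VirtualNetwork", "Any", "Deny")

# Constructed senders, described by the tags/ASGs their address belongs to.
VM1 = frozenset({"VirtualNetwork", "app-frontend-asg"})  # frontend VM, step 3
OTHER_VM = frozenset({"VirtualNetwork"})  # hypothetical VM in app-vnet, no ASG
INTERNET = frozenset()                    # any address outside the VNet

def evaluate(rules, sender, port):
    """Return (action, rule name) for the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.source in sender | {"Any"} and rule.port in ("Any", port):
            return rule.action, rule.name
    raise ValueError("no match; DenyAllInBound should always be present")

def backend_view(custom_rules):
    """Decisions for traffic arriving at VM2 in the backend subnet."""
    rules = list(custom_rules) + DEFAULTS
    # 3306 is a constructed example of a non-SSH destination port.
    cases = {"vm1:22": (VM1, 22), "vm1:3306": (VM1, 3306),
             "other:22": (OTHER_VM, 22), "internet:22": (INTERNET, 22)}
    return {k: evaluate(rules, s, p) for k, (s, p) in cases.items()}

if __name__ == "__main__":
    for label, custom in (("lab", [ALLOW_SSH]), ("lab+deny", [ALLOW_SSH, DENY_VNET])):
        for case, decision in backend_view(custom).items():
            print(f"{label:9} {case:12} {decision}")
```

With only AllowSSH in place, a VM in app-vnet that is outside the ASG is still admitted by the default AllowVnetInBound rule. A lower-precedence deny for the VirtualNetwork tag is what limits the backend subnet to the frontend ASG, and it also blocks traffic between VMs inside the backend subnet.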
