Microsoft Azure Tutorials

How To Create Network Security Groups In Azure – Lab8

In this tutorial you will learn how to create Network Security Groups in Azure. This lab will walk you through the steps to deploy a virtual machine and then edit network security groups in azure to allow specific traffic like RDP and HTTP.

What are Azure Network Security Groups (NSGs) ?

  • A network security group contains security rules that allow or deny inbound and outbound network traffic, to and from, several types of Azure resources. You can specify source and destination, port, and protocol for each rule.

Task Details

  1. Log into Azure Portal.
  2. Deploy a virtual machine.
  3. Allow RDP traffic with NSG rules.
  4. Install IIS on virtual machine.
  5. Allow HTTP traffic with NSG rules.
  6. Access the web page with browser.

Task 1: Log into Azure Portal

  1. Open a browser tab and go to the Azure portal using URL https://portal.azure.com.
  2. Sign in with your username and password on azure portal.

Task 2: Deploy A Virtual Machine

1. From Azure services click Virtual machines.

2. From here click the Create dropdown and select Azure virtual machine.

3. In the Basics tab fill out your virtual machine details

Project Details

  • Subscription:  Select your subscription
  • Resource Group: Create a group called AzureLab

Instance Details

  • Virtual Machine Name: AzureLabVM01
  • Region: Select one specific to you
  • Availability options: No infrastructure redundancy required
  • Security Type: Standard
  • Image: Windows Server 2022 Datacenter: Azure Edition – Gen2
  • Size: Standard_B2s – 2 vcpu, 4GB memory

Administrator Account

  • Username: Enter a username
  • Password: Enter a strong password

Inbound port rules

  • Public inbound ports: None

4. Click Next: Disks> button.

5. In the Disks tab we will just make one setting change.

  • OS disk type: Standard SSD

6. Click the Next : Networking > button.

7. In this Networking tab leave all as default and click Next : Management > button.

8. In the Management tab we will make one setting change.

  • Boot diagnostics: Disable

9. Select the Review + create button at the bottom of the page and then click on Create. After a few minutes, your VM will be deployed. Once the machine is successfully deployed click Go to resource.

Task 3: Allow RDP traffic with NSG rules

1. On the Overview Page of your VM, locate and click on Networking, here you can see the network interface which has the public ip address and the private ip address of your VM this area also provides the inbound and outbound port rules.

2. Click on Add inbound port rule and enter or select the following information:

  • Source: Service Tag
  • Source service tag: Internet
  • Source port ranges: *
  • Destination: Any
  • Service: RDP
  • Action: Allow
  • Priority: 100
  • Name: RDP_3389

3. Now click the Add button.

4. Locate and click on the Overview page.

Task 4: Install IIS on virtual machine

1. How we will have to remote connect to the virtual machine to achieve this task. Click the Connect dropdown and select RDP from the drop down. 

2. Click Download RDP File button.

3. Open the RDP file and enter your credentials

4. Run Powershell as admin.

5. Enter the following command to install IIS.

Install-WindowsFeature -name Web-Server -IncludeManagementTools

6. Once IIS is installed enter the following command to auto start the IIS service.

Set-Service -name W3SVC -startupType Automatic

 

Task 5: Allow HTTP traffic with NSG rules.

1. On the Overview Page of your VM, locate and click on Networking, here you can see the network interface which has the public ip address and the private ip address of your VM this area also provides the inbound and outbound port rules.

2. Click on Add inbound port rule and enter or select the following information:

  • Source: Service Tag
  • Source service tag: Internet
  • Source port ranges: *
  • Destination: Any
  • Service: HTTP
  • Action: Allow
  • Priority: 100
  • Name: HTTP_80

3. Now click the Add button.

Task 6: Access the web page with browser

1. Locate your servers public IP.

2. Copy the IP and paste it into your browser.

3. You should have successfully landed onto the default IIS web page.

You have successfully completed this lab on how To Create Network Security Groups In Azure and even testing a deployment to access RDP and HTTP. Remember to delete all that has been created.

I hope this article was helpful, if you have any questions, please feel free to contact me. If you would like to be notified of when I create a new post, you can subscribe to my blog alert.

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.