Creating a Network Security Group with Inbound and Outbound Rules in Azure
After you follow these steps, you will have a better understanding of the components of a Network Security Group and how to use one to protect your Azure infrastructure.
Log in to the Azure Portal and log in to the Virtual Machine via RDP
Click on the Virtual Machine
Copy either the DNS name or the public IP address that you see in the overview section
Paste it into the Microsoft Remote Desktop app
Enter the username and password for the Virtual Machine
Accept the certificate
Create a Network Security Group called NSG-WEB-South-Central
Type “Network Security Group” without the quotes
In Network Security Groups, click on “Add”
Type in NSG-WEB-South-Central as the name and change Location to “South Central US”
Once deployed, click on go to resource at the top right so you are ready for the next task.
Add inbound rules on NSG-WEB-South-Central to deny traffic on port 80, allow traffic on 443, and allow traffic on 3389
Add a New Inbound Security Rule
Change port to “80”, and change name to “http-deny”, and click on “Deny”
Add a New Inbound Security Rule
Change port to 443, and change name to “https-allow”, and click on “Allow”
Add a New Inbound Security Rule
Change port to 3389 and change name to “RDP-allow”, and click on “Allow”
Assign NSG “NSG-WEB-South-Central” to Virtual Machine
Click on Network Interfaces on the NSG that we created.
Click on “Associate”
Then select the interface “lab-NIC”
You will then see it become associated below
You will need to disassociate “lab-NSG” network security group.
Add role (Management Tools –> IIS Management Console)
Go back to the RDP session for your Virtual Machine. Click on Server Manager. Within the Dashboard, click on “Add roles and features”
Click “Next”
Click on “Web Server (IIS)”
Click on “Add Features”
Click on “Install”
After completion, you can click on “Close”
Go to the default website in IIS and add port 443 using SNI and the default SSL certificate
Click Start, go to Administrative Tools, then Internet Information Services (IIS) Manager
Click on “Bindings”
Click on “Add”
Change Type to “https”, set the port to 443, copy in the DNS name from the Azure Portal, and check “Require Server Name Indication”
Select whatever certificate is available
Test
Open a web browser and type the DNS name for the Virtual Machine (it should be preceded by http://). If everything is working correctly, you should not be able to access the website via http. Then put https:// in front of the DNS name and you should see some type of page.
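Why the test behaves this way, as an added example that is not part of the original walkthrough: a small Python model of NSG inbound evaluation, where the rule with the lowest priority number is checked first and the first match decides. The priorities 100/110/120 and the source “Any” for the three rules are assumptions, since the walkthrough does not state them; the three default rules are the ones Azure adds to every NSG.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    name: str
    source: str    # "*" (Any) or a service tag such as "VirtualNetwork"
    port: str      # "*" or a single destination port
    access: str    # "Allow" or "Deny"


# Default inbound rules that Azure adds to every NSG.
DEFAULT_RULES = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

# The three rules from this walkthrough (priorities and source "Any" are assumed).
CUSTOM_RULES = [
    Rule(100, "http-deny", "*", "80", "Deny"),
    Rule(110, "https-allow", "*", "443", "Allow"),
    Rule(120, "RDP-allow", "*", "3389", "Allow"),
]


def evaluate(rules, source, port):
    """Return (access, rule name) of the first rule matching an inbound flow."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.source in ("*", source) and rule.port in ("*", str(port)):
            return rule.access, rule.name
    raise ValueError("no rule matched; DenyAllInBound should always be present")


def report(rules, flows):
    """Evaluate each (source, port) flow and return (source, port, access, rule)."""
    return [(src, port, *evaluate(rules, src, port)) for src, port in flows]


if __name__ == "__main__":
    nsg = CUSTOM_RULES + DEFAULT_RULES
    # Constructed sample flows: source service tag and destination port.
    flows = [("Internet", 80), ("Internet", 443), ("Internet", 3389),
             ("Internet", 22), ("VirtualNetwork", 80)]
    for src, port, access, name in report(nsg, flows):
        print(f"{src:>15} -> tcp/{port:<5} {access:<5} by {name}")
```

The last flow shows that http-deny also blocks port 80 from inside the virtual network, which the default AllowVnetInBound rule would otherwise permit.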