NetworkSecurityGroup

---

Resource Icon

Resource Overview

Azure Network Security Group (NSG) is a networking filter in Azure that controls access to resources within a Virtual Network (VNet). It acts as a firewall, allowing or denying network traffic based on a set of defined rules. NSGs can be associated with subnets, network interfaces, or virtual machines within a VNet. Once associated, the NSG filters inbound and outbound traffic to and from the resource. NSGs can contain multiple inbound and outbound security rules with assigned priorities, allowing for detailed control of network traffic. As a key component of Azure's network security, NSGs provide an additional layer of protection for virtual network resources. They help limit exposure to potential threats by filtering network traffic at the subnet level.

Associated Resources

Parent Resource

• Resource Group

Connected Resources

• Linux Virtual Machine
• Windowsserver Virtual Machine
• Application Gateway
• Bastion Host
• Network Interface
• - [Subnet](https://docs.cstudio.app/en/docs/resource/azure/Network/Subnet)

Resource Setting Values

• security_rules

  • http
    • priority : The priority of the Rule, Between 100 and 4096 - 100 ~ 4096
    • direction : Whether the rule applies to inbound, or outbound traffic - Inbound, Outbound
    • access : Allow network traffic - Allow, Deny
    • protocol : Network protocol this rule applies to - Tcp, Udp, Icmp, Esp, Ah, *
    • source_port_ranges : Source Port or Port range, Integer or range between 0 and 65535 or *
    • destination_port_ranges : Destination Port or Port range, Integer or range between 0 and 65535 or *
    • source_address_prefixes : CIDR or source IP range
    • destination_address_prefixes : CIDR or destination IP range
    • description : Description of Security Rule
  • https
    • priority : The priority of the Rule, Between 100 and 4096 - 100 ~ 4096
    • direction : Whether the rule applies to inbound, or outbound traffic - Inbound, Outbound
    • access : Allow network traffic - Allow, Deny
    • protocol : Network protocol this rule applies to - Tcp, Udp, Icmp, Esp, Ah, *
    • source_port_ranges : Source Port or Port range, Integer or range between 0 and 65535 or *
    • destination_port_ranges : Destination Port or Port range, Integer or range between 0 and 65535 or *
    • source_address_prefixes : CIDR or source IP range
    • destination_address_prefixes : CIDR or destination IP range
    • description : Description of Security Rule

• linked_subnet_names : The name of Subnet to which to attach the Network Security Group

• linked_network_interface_names : The name of Network Interface to which to attach the Network Interface

• tag : Tag to categorize resources - up to 512 characters, key :value

---

Reference Materials

• Azure NetworkSecurityGroup(Microsoft)
• Azure NetworkSecurityGroup(Terraform)