DEV Community

Cover image for Control the network traffic to and from the web application in Azure
Baridiilo Poromon
Baridiilo Poromon

Posted on

Control the network traffic to and from the web application in Azure

An application security group (ASGs) enables you to group together servers with similar functions, such as web servers.

To create an Application Security Group enter and select Application security group in the search box of the Azure portal. Click + Create.
Image description

On the Basics tab of create an application security group, enter the required information: Select your subscription, Resource group "RG1" Name "app-backend-asg" and Region "East US". Select Review + create and then select Create.

Image description

A network security group (NSG) secures network traffic in your virtual network. NSGs contain a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated with subnets and/or individual network interfaces attached to Azure Virtual Machines (VM).

To Create and Associate a Network Security Group enter and select Network Security Group in the search box of the Azure portal. Click + Create.

Image description

On the Basics tab of Create network security group, enter the required information: Select your subscription, Resource group "RG1", Name "app-vnet-nsg, Region "East US".

Image description

Select Review + create and then select Create.

The next steps are to associate the network security group with the subnet of the virtual network that was created earlier.

Enter and select Network security group in the search bar.

Select "app-vnet-nsg" from the list of network security groups.

Image description

Select Subnets from the Settings section of app-vnet-nsg.

Image description

In the Subnets page, select + Associate

Under Associate subnet, select app-vnet (RG1) for Virtual network. and select Backend for Subnet, and then select OK.

Image description

A network security group (NSG) secures network traffic in your virtual network.

To create Network Security Group rules, enter and select Network security group in the Azure portal search bar.

Select app-vnet-nsg from the list of network security groups.

Select Inbound security rules from the Settings section of app-vnet-nsg.

Select + Add.

On the Add inbound security rule page, enter the information required:

Property Value
Source Any
Source port ranges *
Destination Application Security group
Destination application security group app-backend-asg
Service SSH
Action Allow
Priority 100
Name AllowSSH

Image description

Image description

Deploy an ARM template using Cloud Shell to create the VMs needed

In the Azure portal, open the Azure Cloud Shell by selecting the icon in the top right of the Azure Portal.

If prompted to select either Bash or PowerShell, select PowerShell.

Image description

Deploy the following ARM template using Cloud Shell to create the VMs needed for this exercise:

$RGName = "RG1"

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateUri https://raw.githubusercontent.com/MicrosoftLearning/Configure-secure-access-to-workloads-with-Azure-virtual-networking-services/main/Instructions/Labs/azuredeploy.json

Image description

to Verify that both the VM1 and VM2 virtual machines are running, navigate to the RG1 resource group and select VM1 then validate that the status of the virtual machine is Running.

Repeat the previous step for VM2.

Associate the application security group to the network interface of the VM

When you created the VMs, Azure created a network interface for each VM, and attached it to the VM.

Add the application security group you created previously to the network interface of VM2.

Navigate to the RG1 resource group in the Azure portal and select VM2.

Image description

Go to the networking tab of the VM, select + Add application security groups from the Application security groups section.

Select app-backend-asg from the list of application security groups.

Image description

Select Add.

Top comments (0)