Multi tier VNet with NSGs and DMZ
This template creates a VNet with 3 subnets:
- Frontend - FESubnet / 10.0.0.0/24
- Application - AppSubnet / 10.0.1.0/24
- Database - DBSubnet / 10.0.2.0/24
It also creates three Network Security Groups - one per subnet:
- Frontend - FE_NSG
- Application - App_NSG
- Database - DB_NSG
Each NSG is then associated with a subnet:
- FESubnet to FE_NSG
- AppSubnet to App_NSG
- DBSubnet to DB_NSG
It creates DMZ rules for the App subnet to expose endpoints to the Internet. It secures the App subnet and the Database subnet with appropriate rules. It blocks outbound Internet access for VMs in the App and Database subnets. It opens up the Database subnet only on port 1433 from the App subnet.
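An added example, not part of the template: a simplified model of NSG inbound evaluation showing why "only port 1433 from the App subnet" needs an explicit deny ahead of Azure's default AllowVnetInBound rule, which would otherwise let the Frontend subnet reach the database. The VNet range 10.0.0.0/16, the rule names Allow_App_SQL and Deny_VNet_Other, their priorities and the sample addresses are assumptions.

```python
import ipaddress

VNET = "10.0.0.0/16"        # assumed VNet range covering the three subnets
APP_SUBNET = "10.0.1.0/24"  # AppSubnet, from the README

# Azure's built-in inbound rules, simplified: the load-balancer rule is left
# out and the VirtualNetwork tag is modelled as the VNet range only.
DEFAULT_INBOUND = [
    (65000, "AllowVnetInBound", VNET, "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Constructed DB_NSG variants: (priority, name, source prefix, dest port, access).
# Rule names and priorities are hypothetical.
DB_NSG_ALLOW_ONLY = [
    (100, "Allow_App_SQL", APP_SUBNET, "1433", "Allow"),
]
DB_NSG_WITH_DENY = DB_NSG_ALLOW_ONLY + [
    (200, "Deny_VNet_Other", VNET, "*", "Deny"),
]


def evaluate(custom_rules, src_ip, dst_port):
    """Return (access, rule name) for the first match, lowest priority number first."""
    src = ipaddress.ip_address(src_ip)
    for _prio, name, prefix, port, access in sorted(custom_rules + DEFAULT_INBOUND):
        src_ok = prefix == "*" or src in ipaddress.ip_network(prefix)
        port_ok = port == "*" or int(port) == dst_port
        if src_ok and port_ok:
            return access, name
    raise AssertionError("unreachable: DenyAllInBound matches everything")


if __name__ == "__main__":
    # Constructed flows towards a VM in DBSubnet: App->1433, Frontend->1433, App->3389.
    flows = [("10.0.1.4", 1433), ("10.0.0.4", 1433), ("10.0.1.4", 3389)]
    for label, rules in (("allow-only", DB_NSG_ALLOW_ONLY), ("with deny", DB_NSG_WITH_DENY)):
        for src_ip, port in flows:
            print(label, src_ip, port, *evaluate(rules, src_ip, port))
```

With the allow-only rule set, the Frontend flow is accepted by AllowVnetInBound; the deny rule at priority 200 is what restricts the Database subnet to App traffic on 1433.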
Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks