Multi tier VNet with NSGs and DMZ

This template creates a VNet with 3 subnets:

  • Frontend - FESubnet / 10.0.0.0/24
  • Application - AppSubnet / 10.0.1.0/24
  • Database - DBSubnet / 10.0.2.0/24

It also creates three Network Security Groups - one per subnet:

  • Frontend - FE_NSG
  • Application - App_NSG
  • Database - DB_NSG

Each NSG is then associated with a subnet:

  • FESubnet to FE_NSG
  • AppSubnet to App_NSG
  • DBSubnet to DB_NSG

It creates DMZ rules for the App subnet to expose endpoints to the Internet. It secures the App subnet and the Database subnet with appropriate rules. It blocks outbound Internet access for VMs in the App and Database subnets. It opens up the Database subnet only on port 1433 from the App subnet.
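To see why the Database subnet needs explicit deny rules in addition to the port 1433 allow, the following added example (not the template's own rule set) models priority-ordered NSG evaluation together with Azure's built-in default rules. The custom rule names and priorities, the 10.0.0.0/16 VNet address space, the sample IP addresses and the simplified handling of the `VirtualNetwork` and `Internet` service tags are assumptions made for illustration.

```python
import ipaddress

# Assumption: the VNet address space is 10.0.0.0/16 (the page lists only the subnets).
VNET = ipaddress.ip_network("10.0.0.0/16")
APP_SUBNET = "10.0.1.0/24"

# Azure's built-in default rules (the load balancer probe rule is omitted for brevity).
# Tuple layout: (priority, name, direction, access, source, destination, port)
DEFAULTS = [
    (65000, "AllowVnetInBound", "In", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    (65500, "DenyAllInBound", "In", "Deny", "*", "*", "*"),
    (65000, "AllowVnetOutBound", "Out", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    (65001, "AllowInternetOutBound", "Out", "Allow", "*", "Internet", "*"),
    (65500, "DenyAllOutBound", "Out", "Deny", "*", "*", "*"),
]

# Constructed rules expressing the described DB_NSG policy (names/priorities hypothetical).
DB_NSG = [
    (100, "Allow_App_SQL", "In", "Allow", APP_SUBNET, "*", 1433),
    (200, "Deny_VNet_In", "In", "Deny", "VirtualNetwork", "*", "*"),
    (100, "Deny_Internet_Out", "Out", "Deny", "*", "Internet", "*"),
]


def in_prefix(ip, prefix):
    """Match an address against '*', a simplified service tag, or a CIDR prefix."""
    addr = ipaddress.ip_address(ip)
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return addr in VNET
    if prefix == "Internet":  # simplification: anything outside the VNet
        return addr not in VNET
    return addr in ipaddress.ip_network(prefix)


def evaluate(rules, direction, src, dst, port):
    """Return (access, rule_name) of the first matching rule, lowest priority number first."""
    for _, name, d, access, s, t, p in sorted(rules + DEFAULTS, key=lambda r: r[0]):
        if d == direction and in_prefix(src, s) and in_prefix(dst, t) and p in ("*", port):
            return access, name


if __name__ == "__main__":
    # Constructed sample flows: (direction, source, destination, port)
    for flow in [("In", "10.0.1.4", "10.0.2.4", 1433), ("In", "10.0.0.4", "10.0.2.4", 1433),
                 ("Out", "10.0.2.4", "203.0.113.10", 443)]:
        print(flow, "custom:", evaluate(DB_NSG, *flow), "defaults only:", evaluate([], *flow))
```

With only the default rules, the Frontend-to-Database flow and the outbound Internet flow are both allowed, which is why the deny rules must sit at a lower priority number than 65000.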

Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks