Hello Rocky Mondal
Welcome to Microsoft Q&A Platform, thanks for posting your query here.
To block public IP access and allow only private IP access to your Azure virtual machine through VPN, you can configure an NSG to achieve this.
- Create a Network Security Group (NSG) and associate it with your Azure virtual machine.
  - Navigate to your virtual machine in the Azure portal and click on "Networking" from the left-hand menu.
  - Click on "Network security group" and then click on "Create".
  - Give a name to the NSG and select the resource group and region where the virtual machine is located.
  - Click on "Review + create" and then click on "Create" to create the NSG. Ref: https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal#create-a-network-security-group
- Add an inbound security rule to the NSG to allow traffic from the VPN Gateway to the virtual machine.
  - Navigate to the NSG and click on "Inbound security rules" from the left-hand menu.
  - Click on "Add" to add a new rule.
  - Give a name to the rule, select "Any" as the source IP address, and select "VirtualNetwork" as the source type.
  - Select "Custom" as the service, and then select "TCP" as the protocol type and enter the port number you want to allow.
  - Select "Allow" as the action and then click on "Add" to add the rule. Ref: https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
- Add an outbound security rule to the NSG to allow traffic from the virtual machine to the VPN Gateway.
  - Navigate to the NSG and click on "Outbound security rules" from the left-hand menu.
  - Click on "Add" to add a new rule.
  - Give a name to the rule, select "VirtualNetwork" as the destination type, and select "Any" as the destination IP address.
  - Select "Custom" as the service, and then select "TCP" as the protocol type and enter the port number you want to allow.
  - Select "Allow" as the action and then click on "Add" to add the rule.
- Configure the VPN Gateway to allow traffic from the virtual network to the internet.
With the above configuration, your Azure virtual machine will only allow connections through VPN and block all public IP addresses. Hope this helps.
If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.
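
An added example, not part of the original answer: a Python check that reads an NSG's rules and lists every inbound Allow rule whose source still admits public addresses, so the result of the steps above can be verified. The field names are assumed to follow the JSON printed by `az network nsg show`, and the sample NSG and its rule names are constructed.

```python
import ipaddress

# RFC 1918 ranges: sources inside these are private, anything else is public.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_public_source(prefix):
    """True if an NSG source prefix admits traffic from public addresses."""
    if prefix.lower() in ("*", "internet"):   # portal "Any" is stored as "*"
        return True
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # some other service tag, e.g. VirtualNetwork
    return not (net.version == 4 and any(net.subnet_of(p) for p in PRIVATE_NETS))

def public_inbound_allows(nsg):
    """Return sorted (priority, rule name, source) for inbound Allow rules open to public sources."""
    findings = []
    for rule in nsg.get("securityRules", []):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        findings += [(rule["priority"], rule["name"], s)
                     for s in sources if is_public_source(s)]
    return sorted(findings)

def _rule(name, priority, direction, access, prefix=None, prefixes=()):
    # Helper that builds one constructed rule in the assumed JSON shape.
    return {"name": name, "priority": priority, "direction": direction,
            "access": access, "sourceAddressPrefix": prefix,
            "sourceAddressPrefixes": list(prefixes)}

# Constructed sample NSG (not taken from a real subscription).
SAMPLE_NSG = {"securityRules": [
    _rule("Allow-App-From-VNet", 200, "Inbound", "Allow", "VirtualNetwork"),
    _rule("RDP", 300, "Inbound", "Allow", "*"),
    _rule("Partner", 310, "Inbound", "Allow", None, ["10.1.0.0/16", "203.0.113.0/24"]),
    _rule("Deny-Internet", 4000, "Inbound", "Deny", "Internet"),
    _rule("Allow-Out", 200, "Outbound", "Allow", "*"),
]}

if __name__ == "__main__":
    for priority, name, source in public_inbound_allows(SAMPLE_NSG):
        print(f"priority {priority}: rule '{name}' allows inbound from {source}")
```

An empty result means no custom inbound Allow rule names a public source; the check does not model a higher-priority Deny rule shadowing a later Allow.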