Azure VM without Network Security Group

Attya, Mohamed 226 Reputation points
2023-07-07T04:30:12.9366667+00:00

If ab azure vm without a network security group applied, can it communicate and receive inbound network traffic with all protocols from a different azure VM with different subnet.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,013 questions
{count} votes

Accepted answer
  1. Andriy Bilous 11,821 Reputation points MVP Volunteer Moderator
    2023-07-07T05:12:49.48+00:00

    Hello @Attya, Mohamed

    Yes, with no NSG attached to VM nothing is being blocked (imagine NSG is a firewall, what happens when there is NO firewall?).

    https://stackoverflow.com/questions/47679381/azure-vm-able-to-rdp-even-when-not-assigned-to-a-nsg-arm-model

    For inbound traffic, Azure processes the rules in a network security group associated to a subnet first, if there's one, and then the rules in a network security group associated to the network interface, if there's one. This process includes intra-subnet traffic as well.

    The following picture illustrates different scenarios for how network security groups might be deployed to allow network traffic to and from the internet over TCP port 80:

    Diagram of NSG processing.

    Also in Standard Public IP and it is blocked by default, if you use Basic Public IP you wouldn't need NSG241579-image.png

    Reference: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses#sku

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.