VMs getting connect to Internet without having Public IP or NAT gateway

Question

I have created VM with out assigning Public IP or NAT Gateway.

just in NSG out bound it has 0.0.0.0/0 . which allowing the VM to communicate on internet without public IP, which big risk. Please suggest on it. And I don't want to block out bound 0.0.0.0/0 . As I need to perform some test with AZURE and AWS .

Answer 1

Hi, This is the default behaviour in Azure as when you deploy a VM without public IP, you can still get access to internet via Azure platform. But that is only for outbound. From Internet, your VM will not be accessible. If you don't want outbound traffic to reach internet, you can use NSG to block it or deploy services like Azure Firewall to restrict outbound traffic.

Answer 2

Hi @Sunil Poojari ,

every Azure is able to connect with the internet (outbound communication) by default.

The option you have is to use Network Security Groups (NSG) associated with the subnet (affects all VMs in the same subnet) or individual VMs (NSG will be associated with the NIC of the VM) .

Another option might be to use a Firewall or NAT Gateway to manage internet access of Azure VMs.

To allow connections with AWS and deny connections to the rest of the internet you can add different rules with different priorities to the NSGs:

• Higher priority (lower number) to allow communication with AWS
• Lower priority (higher number) to deny communication with 0.0.0.0

---

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten