Best way to secure a VM with a Public IP

Greg Thomas 121 Reputation points
2021-12-10T14:21:05.407+00:00

Hi,

I have a VM that has a public IP on it. I would like to secure the Network Security Group to reduce access to it.

I have a rule right now for ports 80, 443 that says Anything to Anything and allows traffic to go through.

Whenever I create a rule that goes from "Anything" to the specific public or private IP address, the routing fails.

Is there something I'm doing wrong? I have other VMs in the NSG and don't want them to have this same rule applied, which is why I'm trying to specify it by IP.

Thanks.

Azure Virtual Machines

2 answers

  1. Alan Kinane 16,756 Reputation points MVP
    2021-12-10T14:39:14.58+00:00

    Is your NSG associated with the NIC of the VM or with the whole subnet? The Any to Any rule should be fine if the NSG only applies to this VM NIC.

    If you are sharing the NSG with other VMs then you should specify the private IP address of the destination resource (source is still 'Any') or else move the VM to its own subnet and apply the NSG to the entire subnet.

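The scoping suggested in the answer above, as an added example that is not part of the original thread: a simplified model of priority-ordered NSG evaluation for one NSG shared by several VMs. Azure translates a public IP to the VM's private IP before inbound rules are evaluated, so the model matches on the private address; all names and addresses are constructed, and only the `DenyAllInBound` default rule is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number is evaluated first
    source: str       # "*" or an IP/CIDR
    destination: str  # "*" or an IP/CIDR
    ports: tuple      # destination ports; empty tuple means any port
    access: str       # "Allow" or "Deny"

def _match(prefix, addr):
    return prefix == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def evaluate(rules, src, dst, port):
    """Return (access, rule name) for the first rule that matches, by priority."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (_match(r.source, src) and _match(r.destination, dst)
                and (not r.ports or port in r.ports)):
            return r.access, r.name
    return "Deny", "no-match"

def exposed(rules, vms, src, port):
    """List the VMs behind this NSG that src can reach on port."""
    return [vm for vm in vms if evaluate(rules, src, vm, port)[0] == "Allow"]

# Constructed sample data: three VMs on one subnet sharing one NSG.
WEB_VM, VM_B, VM_C = "10.0.1.4", "10.0.1.5", "10.0.1.6"
VMS = [WEB_VM, VM_B, VM_C]
WEB_PUBLIC_IP = "198.51.100.20"  # placeholder public IP of WEB_VM
CLIENT = "203.0.113.10"          # placeholder Internet client

DENY_ALL = Rule("DenyAllInBound", 65500, "*", "*", (), "Deny")

# The rule from the question: Any to Any on 80/443 opens every VM in the NSG.
BROAD = [Rule("AllowWebAny", 100, "*", "*", (80, 443), "Allow"), DENY_ALL]
# Source Any, destination the VM's private IP: only that VM is reachable.
SCOPED = [Rule("AllowWebToVm", 100, "*", WEB_VM, (80, 443), "Allow"), DENY_ALL]
# Destination set to the public IP: never matches, because the packet
# already carries the private address when the NSG evaluates it.
PUBLIC_DST = [Rule("AllowWebToPip", 100, "*", WEB_PUBLIC_IP, (80, 443), "Allow"),
              DENY_ALL]

if __name__ == "__main__":
    for label, rules in (("broad", BROAD), ("scoped", SCOPED), ("public", PUBLIC_DST)):
        print(label, exposed(rules, VMS, CLIENT, 443))
```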

  2. Greg Thomas 121 Reputation points
    2021-12-13T14:26:17.39+00:00

    Right now the VM is shared with a few other VMs on its own subnet. (so 2 or 3 VMs on that subnet)

    So should I be creating a separate NSG if I am to keep it on the same subnet?

    How do the Application Security Groups fit into this as well?