Do I need to open Azure NSG firewall rule and VM firewall rule at the same time
VM1 needs to talk to VM2 on port 4567 (In Azure). Both VMS are on the same subnet. Can I just create an inbound rule on the NSG attached to both Vms that says open port 4567? Will this work?
Or do I also need to log onto both VM's and configure the firewall rules?
What is the proper way to configure this? in terms of best practice.
azure firewall azure-nsg asked Nov 13 '18 at 13:15
jamesjames
5519
add a comment |
VM1 needs to talk to VM2 on port 4567 (In Azure). Both VMS are on the same subnet. Can I just create an inbound rule on the NSG attached to both Vms that says open port 4567? Will this work?
Or do I also need to log onto both VM's and configure the firewall rules?
What is the proper way to configure this? in terms of best practice.
azure firewall azure-nsg asked Nov 13 '18 at 13:15
jamesjames
5519
NSG rules do not affect the VM firewall, so often you have to configure both.
– juunas
Nov 13 '18 at 13:16
If the reply is helpful, you could accept it, or let me know if you need further help.
– Nancy Xiong
Nov 15 '18 at 3:52
thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.
– james
Nov 15 '18 at 10:55
@juunas so why if i open 3389 on the NSG thats attached a VM I can RDP to it. That means NSG do affect VM firewalls...correct?
– james
Nov 15 '18 at 11:23
No, it means the VM firewall allows the connection already.
– juunas
Nov 15 '18 at 11:53
add a comment |
VM1 needs to talk to VM2 on port 4567 (In Azure). Both VMS are on the same subnet. Can I just create an inbound rule on the NSG attached to both Vms that says open port 4567? Will this work?
Or do I also need to log onto both VM's and configure the firewall rules?
What is the proper way to configure this? in terms of best practice.
azure firewall azure-nsg asked Nov 13 '18 at 13:15
jamesjames
5519
VM1 needs to talk to VM2 on port 4567 (In Azure). Both VMS are on the same subnet. Can I just create an inbound rule on the NSG attached to both Vms that says open port 4567? Will this work?
Or do I also need to log onto both VM's and configure the firewall rules?
What is the proper way to configure this? in terms of best practice.
azure firewall azure-nsg azure firewall azure-nsg asked Nov 13 '18 at 13:15
jamesjames
5519
asked Nov 13 '18 at 13:15
jamesjames
5519
asked Nov 13 '18 at 13:15
jamesjames
5519
asked Nov 13 '18 at 13:15
jamesjames
5519
asked Nov 13 '18 at 13:15
jamesjames
5519
5519
NSG rules do not affect the VM firewall, so often you have to configure both.
– juunas
Nov 13 '18 at 13:16
If the reply is helpful, you could accept it, or let me know if you need further help.
– Nancy Xiong
Nov 15 '18 at 3:52
thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.
– james
Nov 15 '18 at 10:55
@juunas so why if i open 3389 on the NSG thats attached a VM I can RDP to it. That means NSG do affect VM firewalls...correct?
– james
Nov 15 '18 at 11:23
No, it means the VM firewall allows the connection already.
– juunas
Nov 15 '18 at 11:53
add a comment |
NSG rules do not affect the VM firewall, so often you have to configure both.
– juunas
Nov 13 '18 at 13:16
If the reply is helpful, you could accept it, or let me know if you need further help.
– Nancy Xiong
Nov 15 '18 at 3:52
thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.
– james
Nov 15 '18 at 10:55
@juunas so why if i open 3389 on the NSG thats attached a VM I can RDP to it. That means NSG do affect VM firewalls...correct?
– james
Nov 15 '18 at 11:23
No, it means the VM firewall allows the connection already.
– juunas
Nov 15 '18 at 11:53
NSG rules do not affect the VM firewall, so often you have to configure both.
– juunas
Nov 13 '18 at 13:16
NSG rules do not affect the VM firewall, so often you have to configure both.
– juunas
Nov 13 '18 at 13:16
If the reply is helpful, you could accept it, or let me know if you need further help.
– Nancy Xiong
Nov 15 '18 at 3:52
If the reply is helpful, you could accept it, or let me know if you need further help.
– Nancy Xiong
Nov 15 '18 at 3:52
thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.
– james
Nov 15 '18 at 10:55
thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.
– james
Nov 15 '18 at 10:55
@juunas so why if i open 3389 on the NSG thats attached a VM I can RDP to it. That means NSG do affect VM firewalls...correct?
– james
Nov 15 '18 at 11:23
@juunas so why if i open 3389 on the NSG thats attached a VM I can RDP to it. That means NSG do affect VM firewalls...correct?
– james
Nov 15 '18 at 11:23
No, it means the VM firewall allows the connection already.
– juunas
Nov 15 '18 at 11:53
No, it means the VM firewall allows the connection already.
– juunas
Nov 15 '18 at 11:53
add a comment |
2 Answers
2
active
oldest
votes
Yes, you have to, because NSG doesnt talk to your VM to alter settings on it. NSG is an Azure level firewall.
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
add a comment |
There are subnet or network interface level NSG in Azure with ARM model. Usually we just use the subnet level NSG that will take effect on all the VMs in the same subnet. If the VMs in the same subnet, by default, the traffic from VMs can pass though the NSG each other as there is an AllowVnetInBound rule.
Windows firewall is another firewall inside the VMs. You can configure it or not configure it. Suggest to configure it for more security. If you want to open port 4567 from VM1 talk to VM2, you only need to open it in VM firewall rule if you have configured it.
Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53281834%2fdo-i-need-to-open-azure-nsg-firewall-rule-and-vm-firewall-rule-at-the-same-time%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, you have to, because NSG doesnt talk to your VM to alter settings on it. NSG is an Azure level firewall.
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
add a comment |
Yes, you have to, because NSG doesnt talk to your VM to alter settings on it. NSG is an Azure level firewall.
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
add a comment |
Yes, you have to, because NSG doesnt talk to your VM to alter settings on it. NSG is an Azure level firewall.
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
Yes, you have to, because NSG doesnt talk to your VM to alter settings on it. NSG is an Azure level firewall.
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
answered Nov 13 '18 at 14:48
4c74356b414c74356b41
26.4k42052
26.4k42052
add a comment |
add a comment |
There are subnet or network interface level NSG in Azure with ARM model. Usually we just use the subnet level NSG that will take effect on all the VMs in the same subnet. If the VMs in the same subnet, by default, the traffic from VMs can pass though the NSG each other as there is an AllowVnetInBound rule.
Windows firewall is another firewall inside the VMs. You can configure it or not configure it. Suggest to configure it for more security. If you want to open port 4567 from VM1 talk to VM2, you only need to open it in VM firewall rule if you have configured it.
Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
add a comment |
There are subnet or network interface level NSG in Azure with ARM model. Usually we just use the subnet level NSG that will take effect on all the VMs in the same subnet. If the VMs in the same subnet, by default, the traffic from VMs can pass though the NSG each other as there is an AllowVnetInBound rule.
Windows firewall is another firewall inside the VMs. You can configure it or not configure it. Suggest to configure it for more security. If you want to open port 4567 from VM1 talk to VM2, you only need to open it in VM firewall rule if you have configured it.
Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
add a comment |
There are subnet or network interface level NSG in Azure with ARM model. Usually we just use the subnet level NSG that will take effect on all the VMs in the same subnet. If the VMs in the same subnet, by default, the traffic from VMs can pass though the NSG each other as there is an AllowVnetInBound rule.
Windows firewall is another firewall inside the VMs. You can configure it or not configure it. Suggest to configure it for more security. If you want to open port 4567 from VM1 talk to VM2, you only need to open it in VM firewall rule if you have configured it.
Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
There are subnet or network interface level NSG in Azure with ARM model. Usually we just use the subnet level NSG that will take effect on all the VMs in the same subnet. If the VMs in the same subnet, by default, the traffic from VMs can pass though the NSG each other as there is an AllowVnetInBound rule.
Windows firewall is another firewall inside the VMs. You can configure it or not configure it. Suggest to configure it for more security. If you want to open port 4567 from VM1 talk to VM2, you only need to open it in VM firewall rule if you have configured it.
Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
answered Nov 13 '18 at 14:55
Nancy XiongNancy Xiong
2,943118
2,943118
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53281834%2fdo-i-need-to-open-azure-nsg-firewall-rule-and-vm-firewall-rule-at-the-same-time%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
NSG rules do not affect the VM firewall, so often you have to configure both.
– juunas
Nov 13 '18 at 13:16
If the reply is helpful, you could accept it, or let me know if you need further help.
– Nancy Xiong
Nov 15 '18 at 3:52
thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.
– james
Nov 15 '18 at 10:55
@juunas so why if i open 3389 on the NSG thats attached a VM I can RDP to it. That means NSG do affect VM firewalls...correct?
– james
Nov 15 '18 at 11:23
No, it means the VM firewall allows the connection already.
– juunas
Nov 15 '18 at 11:53