Do I need to open Azure NSG firewall rule and VM firewall rule at the same time












VM1 needs to talk to VM2 on port 4567 (in Azure). Both VMs are on the same subnet. Can I just create an inbound rule on the NSG attached to both VMs that says open port 4567? Will this work?

Or do I also need to log on to both VMs and configure the firewall rules?

What is the proper way to configure this, in terms of best practice?







azure firewall azure-nsg






asked Nov 13 '18 at 13:15
james













  • NSG rules do not affect the VM firewall, so often you have to configure both.

    – juunas
    Nov 13 '18 at 13:16

  • If the reply is helpful, you could accept it, or let me know if you need further help.

    – Nancy Xiong
    Nov 15 '18 at 3:52

  • Thanks, both replies were helpful. I didn't know NSG rules do not affect VM firewalls.

    – james
    Nov 15 '18 at 10:55

  • @juunas So why, if I open 3389 on the NSG that's attached to a VM, can I RDP to it? That means NSGs do affect VM firewalls... correct?

    – james
    Nov 15 '18 at 11:23

  • No, it means the VM firewall allows the connection already.

    – juunas
    Nov 15 '18 at 11:53



















2 Answers
Yes, you have to, because NSG doesn't talk to your VM to alter settings on it. NSG is an Azure-level firewall.







answered Nov 13 '18 at 14:48
4c74356b41

























There are subnet- or network-interface-level NSGs in Azure with the ARM model. Usually we just use the subnet-level NSG, which takes effect on all the VMs in the same subnet. If the VMs are in the same subnet, by default the traffic between the VMs can pass through the NSG, as there is an AllowVnetInBound rule.

Windows Firewall is another firewall inside the VMs. You can configure it or not. I suggest configuring it for more security. If you want to open port 4567 for VM1 to talk to VM2, you only need to open it in the VM firewall rule if you have configured it.

Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned







answered Nov 13 '18 at 14:55
Nancy Xiong
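The guest-firewall half of the setup described in the answers above, as an added example that is not part of the original answers: it checks what Windows Firewall on VM2 already allows, adds an inbound rule scoped to VM1 only, and tests the path from VM1. The IP addresses and the rule name are placeholders, and Windows guests are assumed.

```powershell
# Added example. Addresses and the rule name are placeholders, not values from the thread.
$Vm1Address = '10.0.0.4'            # placeholder: private IP of VM1 (the client)
$Vm2Address = '10.0.0.5'            # placeholder: private IP of VM2 (the listener)
$Port       = 4567
$RuleName   = 'Allow-VM1-TCP-4567'  # hypothetical rule name

# ---------- Run on VM2 (the VM that listens on 4567) ----------

# 1. Confirm a service is actually listening; no firewall rule helps if nothing is bound.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Show enabled inbound allow rules that name the port explicitly.
#    (Rules written as port ranges or "Any" are not matched by this simple filter.)
#    This is why RDP works as soon as the NSG allows 3389: the guest already has
#    an allow rule for it. A custom port such as 4567 normally has none.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$Port" } |
    Select-Object DisplayName, Profile

# 3. Add the rule once, limited to VM1's address instead of any source.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $Vm1Address -Profile Any
}

# ---------- Run on VM1 (the client) ----------

# 4. Test the full path: NSG first, then VM2's guest firewall, then the listener.
#    With both VMs in one subnet the default AllowVnetInBound NSG rule already
#    permits the traffic, so a failure here points at the guest firewall or the
#    service, unless a custom NSG deny rule with a higher priority was added.
Test-NetConnection -ComputerName $Vm2Address -Port $Port |
    Select-Object RemoteAddress, RemotePort, TcpTestSucceeded
```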





























