Network Security Group (NSG)
Network Security Group (NSG) helps to filter inbound and outbound traffic from Azure Virtual Machine and PAAS(Web and Worker Role - Classic Model). These rules can be applied on the Network Interface Card(NIC), Subnet, and in the Network Configuration Schema. It function as a mini firewall. Rules are evaluated based on the weight assigned to them. Lower weight will be evaluated first. By default, it contain at least 3 inbound (AllowVNetInBound, AllowAzureLoadBalancerInBound, DenyAllInBound) and 3 outbound rules(AllowVnetOutBound, AllowInternetBound, DenyAllOutBound). NSG can be applied using portal, PowerShell, CLI and using Template and easy way is via portal. NSG FAQ 1. How can I check if my rules are applied or not? Ans: Using the built in tool Network Watcher you can verify is rules is being applied and working or not. Remember, Network Watcher needs to be enabled before performing check. 2. How to know which rules will be evaluated first? / How priority is defined