Hi guys, I'm trying to create and apply an NSG to a VM; however, it doesn't seem to work and I'm not sure what I'm doing wrong.
I'm trying to deny a VM from being able to communicate with another VM (10.50.0.20).
Below is the NSG ruleset and the single rule I created (in bold).
Name                               Priority  Action  Source Address Prefix  Source Port Range  Destination Address Prefix  Destination Port Range  Protocol
----                               --------  ------  ---------------------  -----------------  --------------------------  ----------------------  --------
ALLOW VNET INBOUND                 65000     Allow   VIRTUAL_NETWORK        *                  VIRTUAL_NETWORK             *                       *
ALLOW AZURE LOAD BALANCER INBOUND  65001     Allow   AZURE_LOADBALANCER     *                  *                           *                       *
DENY ALL INBOUND                   65500     Deny    *                      *                  *                           *                       *
Type: Outbound
Name                     Priority  Action  Source Address Prefix  Source Port Range  Destination Address Prefix  Destination Port Range  Protocol
----                     --------  ------  ---------------------  -----------------  --------------------------  ----------------------  --------
BlockTest                600       Deny    VIRTUAL_NETWORK        *                  10.50.0.20/32               *                       *
ALLOW VNET OUTBOUND      65000     Allow   VIRTUAL_NETWORK        *                  VIRTUAL_NETWORK             *                       *
ALLOW INTERNET OUTBOUND  65001     Allow   *                      *                  INTERNET                    *                       *
DENY ALL OUTBOUND        65500     Deny    *                      *                  *                           *                       *
The way I read it is that any outbound traffic heading to 10.50.0.20 should be blocked?!
After creating the NSG and rule, I ran the below command to apply it to the VM:
Get-AzureVM -ServiceName "CS1" -Name "TestVM01" | Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "TestNSG"
$VM = Get-AzureVM -ServiceName "CS1" -Name "TestVM01"
Update-AzureVM -VM $VM.VM -Name $VM.Name -ServiceName $VM.ServiceName
After applying the NSG I can still access the server on 10.50.0.20. I can still ping it and RDP to it from the TestVM01 machine.
Am I missing something?
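As an added example (not part of the original post), the outbound ruleset above can be evaluated the way NSG rules are processed: in priority order, lowest number first, with the first matching rule deciding the action. The VNet address space 10.50.0.0/16 and the source address 10.50.0.10 for TestVM01 are assumptions, since the post states neither; ports and protocol are omitted because every rule uses `*` for them.

```python
import ipaddress

# Assumption: the virtual network's address space (not stated in the post).
VNET = ipaddress.ip_network("10.50.0.0/16")

# Outbound rules copied from the post: (name, priority, action, source, destination)
OUTBOUND_RULES = [
    ("BlockTest", 600, "Deny", "VIRTUAL_NETWORK", "10.50.0.20/32"),
    ("ALLOW VNET OUTBOUND", 65000, "Allow", "VIRTUAL_NETWORK", "VIRTUAL_NETWORK"),
    ("ALLOW INTERNET OUTBOUND", 65001, "Allow", "*", "INTERNET"),
    ("DENY ALL OUTBOUND", 65500, "Deny", "*", "*"),
]


def prefix_matches(prefix, address):
    """Check one address against a rule prefix: '*', a default tag, or a CIDR."""
    ip = ipaddress.ip_address(address)
    if prefix == "*":
        return True
    if prefix == "VIRTUAL_NETWORK":
        return ip in VNET
    if prefix == "INTERNET":
        # Simplification for this example: everything outside the VNet.
        return ip not in VNET
    return ip in ipaddress.ip_network(prefix)


def evaluate(rules, src, dst):
    """Return (rule name, action) of the first matching rule by priority."""
    for name, _priority, action, src_prefix, dst_prefix in sorted(rules, key=lambda r: r[1]):
        if prefix_matches(src_prefix, src) and prefix_matches(dst_prefix, dst):
            return name, action
    return None, "Deny"  # unreachable with the default rules present


if __name__ == "__main__":
    test_vm = "10.50.0.10"  # constructed address for TestVM01
    for dst in ("10.50.0.20", "10.50.0.30", "8.8.8.8"):
        print(dst, evaluate(OUTBOUND_RULES, test_vm, dst))
```

The result describes the ruleset only; it governs TestVM01's traffic only when the NSG is actually associated with that VM.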