NSGs

NSGs, or Network Security Groups, are a type of virtual firewall used in cloud networking to control access to resources within a virtual network. They are most commonly associated with Microsoft Azure, where an NSG provides a set of rules that filters inbound and outbound traffic for virtual machines and other resources deployed in a virtual network (VNet). An NSG operates on layer 3 and 4 attributes only: it matches addresses, protocols and ports, not application content. NSGs are stateful, meaning that if traffic is allowed in one direction, the response traffic is automatically permitted back; a rule allowing inbound TCP/443 therefore needs no matching outbound rule for the replies.

An NSG contains security rules that specify how traffic should be handled. Each rule defines a direction (inbound or outbound), an action (allow or deny), a priority, and match criteria: the protocol, source and destination IP ranges, and port ranges. Within an NSG, rules are evaluated in priority order, with the lowest-numbered rule taking precedence; the first matching rule determines the outcome and later rules are not consulted, so a broad allow at a low number silently overrides a more specific deny at a higher number. Custom rules use priorities 100 through 4096. NSGs can be attached to the network interface card (NIC) of a virtual machine or to a subnet, in which case every resource within the subnet is subject to the NSG. When both the NIC and the subnet have NSGs, the two are not merged into one rule set: they are evaluated separately, subnet NSG first and then NIC NSG for inbound traffic, and NIC NSG first and then subnet NSG for outbound traffic. Traffic must be allowed by both NSGs to pass, so a deny in either one is sufficient to block it, and a NIC-level allow cannot reopen something the subnet NSG denies.

Azure NSGs include default rules that cover common scenarios, such as basic intra-VNet traffic and a catch-all denial. The default rules sit at priorities 65000 and above and cannot be deleted, but any custom rule with a lower priority number overrides them. Note that the default outbound rules allow all traffic to the Internet, so egress filtering must be added explicitly. Administrators can create custom rules to allow or deny specific traffic, and can use features like service tags (named groups of Azure-maintained address prefixes, such as Internet or VirtualNetwork) or application security groups (which group NICs so that rules can reference workloads instead of IP addresses) to simplify management. Logging and monitoring are available through Network Watcher flow logs and diagnostic settings, aiding auditing and troubleshooting. While primarily a cloud-native concept, NSGs are broadly analogous to firewall rules in other environments and are a core tool for network segmentation and access control.
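The rule-evaluation semantics described above, as an added example that is not code from this page or from Azure: a small Python evaluator that models priority ordering, first-match-wins, the default rules, and the subnet-then-NIC layering. The `Rule` and `Flow` classes, the VNet range 10.0.0.0/16, the sample rule sets and the way the Internet and VirtualNetwork tags are resolved are constructed assumptions for illustration; real service tags expand to Azure-maintained prefix lists.

```python
# Added example, not Azure's code: a toy evaluator for the NSG rule semantics above.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

VNET_CIDR = ip_network("10.0.0.0/16")        # assumption: the VNet address space
AZURE_LB_VIP = ip_address("168.63.129.16")   # address the AzureLoadBalancer tag resolves to

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int    # lower number wins; custom rules use 100-4096
    direction: str   # "Inbound" or "Outbound"
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp", "Icmp" or "*"
    source: str      # CIDR, "*" or a service tag
    dest: str        # CIDR, "*" or a service tag
    dest_ports: str  # "443", "1000-2000" or "*"

@dataclass(frozen=True)
class Flow:
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int

def _addr_matches(spec: str, ip: str) -> bool:
    """CIDR, wildcard, and a few service tags (approximated for this model)."""
    addr = ip_address(ip)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return addr in VNET_CIDR
    if spec == "Internet":            # approximation: any address outside the VNet
        return addr not in VNET_CIDR
    if spec == "AzureLoadBalancer":
        return addr == AZURE_LB_VIP
    return addr in ip_network(spec, strict=False)

def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (rule.direction == flow.direction
            and (rule.protocol == "*" or rule.protocol.lower() == flow.protocol.lower())
            and _addr_matches(rule.source, flow.src_ip)
            and _addr_matches(rule.dest, flow.dst_ip)
            and _port_matches(rule.dest_ports, flow.dst_port))

# Azure's default rules (65000-65500): cannot be deleted, only overridden by a
# custom rule with a lower number. Note that default egress to the Internet is open.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]

def evaluate_nsg(rules: List[Rule], flow: Flow) -> str:
    """One NSG: lowest priority number first; the first matching rule decides."""
    for rule in sorted(rules + DEFAULT_RULES, key=lambda r: r.priority):
        if rule_matches(rule, flow):
            return rule.access
    return "Deny"  # unreachable: the DenyAll default always matches

def effective_access(subnet: Optional[List[Rule]], nic: Optional[List[Rule]], flow: Flow) -> str:
    """Subnet and NIC NSGs are evaluated separately, not merged: subnet first for
    inbound, NIC first for outbound. A Deny from either layer drops the flow;
    with no NSG attached at all, traffic is allowed."""
    layers = (subnet, nic) if flow.direction == "Inbound" else (nic, subnet)
    for rules in layers:
        if rules is not None and evaluate_nsg(rules, flow) == "Deny":
            return "Deny"
    return "Allow"

# Constructed sample: the subnet NSG publishes HTTPS and blocks Internet SSH; the
# NIC NSG narrows HTTPS to a corporate range but (wrongly) opens SSH to the world.
SUBNET_NSG = [
    Rule("AllowHttpsIn", 100, "Inbound", "Allow", "Tcp", "*", "*", "443"),
    Rule("DenySshFromInternet", 200, "Inbound", "Deny", "Tcp", "Internet", "*", "22"),
]
NIC_NSG = [
    Rule("AllowHttpsFromCorp", 100, "Inbound", "Allow", "Tcp", "203.0.113.0/24", "*", "443"),
    Rule("AllowSshAny", 110, "Inbound", "Allow", "Tcp", "*", "*", "22"),
]

if __name__ == "__main__":
    for f in [Flow("Inbound", "Tcp", "203.0.113.5", "10.0.1.4", 443),   # Allow (both layers)
              Flow("Inbound", "Tcp", "198.51.100.7", "10.0.1.4", 443),  # Deny (NIC NSG)
              Flow("Inbound", "Tcp", "198.51.100.7", "10.0.1.4", 22),   # Deny (subnet NSG)
              Flow("Outbound", "Udp", "10.0.1.4", "8.8.8.8", 53)]:      # Allow (default egress)
        print(f, "->", effective_access(SUBNET_NSG, NIC_NSG, f))
```

Running the script prints a verdict for each sample flow. Two points are worth noticing: the NIC rule AllowSshAny never takes effect for Internet sources, because the subnet NSG is evaluated first for inbound traffic and its deny ends the evaluation, while SSH from inside the VNet still reaches the VM through AllowVnetInBound and AllowSshAny; and the outbound DNS query to 8.8.8.8 is permitted solely by the default AllowInternetOutBound rule, which is the egress hole that has to be closed explicitly.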