Introduction
In my last post I mentioned that the NSGs (Network Security Groups) had a serious impact on your deployment. So today I’ll be doing a quick demo of a possible annoyance you might encounter.
The demo environment
About the same setup as the last time… One VNET, three subnets: the firewall in subnet 10.0.0.0/24, one server in 10.0.1.0/24 and another server in 10.0.2.0/24.
When you take a firewall from the marketplace, the appliance is typically deployed with NSGs attached. By default you get no outgoing rules & a few incoming rules.
So we’ll be doing a test with the NSGs as deployed by default. And then afterwards change them to the ones underneath…
The Test
- The first ping is between the two servers. No issues there…
- The second ping is to an external host and that one fails.
- So we’ll add the rules as specified above… and give it some time (don’t be impatient like me!)
- And then we see the ping succeeding!
TL;DR
Be aware of the impact of NSGs! You are using two sets of firewalls. So keep your focus or some actor will interfere with your network flow without you realising it immediately!
(Side note: I do NOT advise using these NSG rules for production workloads!)
Easy!