
Network interface without network security group

Question

Tuesday, September 5, 2017 7:40 AM

I'm trying to understand what happens if you have a network interface with no attached network security group linked to a VM.

I expected no traffic to be let through. But the impression I get is that if you don't have a network security group attached, then ALL traffic is let through to the machine.

If you migrate VMs from Azure Service Management to Azure Resource Manager, then the interfaces have no NSGs attached and you can't attach them until you complete the migration, meaning they would be open for all traffic. This would be a bit bad from a security point of view because you would not be able to migrate VMs from ASM to ARM without leaving them open for attacks (in terms of NSG).

I haven't been able to find any documentation on this area. Does anyone know more?

All replies (1)

Tuesday, September 5, 2017 8:23 AM

There are default rules that apply, yes; they are the same as if you apply an empty NSG. So only system routing, inter-vnet traffic etc. No public traffic by default.

Depending on your migration method, do you have the subnet already provisioned for the VMs to migrate to? If so, you can apply an NSG at that level until such a time that migration is complete and you can then be granular with rules per VM if more appropriate.

Joe
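
The subnet-level NSG suggested in the reply can be checked during a migration by reporting, for each interface, whether an NSG is attached on the NIC, on its subnet, or on neither. This is an added example, not part of the original thread; the sample JSON is constructed in the shape of `az network nic list -o json` and `az network vnet list -o json` output, and the function names are hypothetical.

```python
import json

# Constructed sample data shaped like `az network nic list -o json` and
# `az network vnet list -o json`; every name and ID below is made up.
NET = "/subscriptions/0000/resourceGroups/rg-migrated/providers/Microsoft.Network"
NICS = json.dumps([
    {"name": "vm1-nic", "networkSecurityGroup": None,
     "ipConfigurations": [{"subnet": {"id": NET + "/virtualNetworks/vnet1/subnets/front"}}]},
    {"name": "vm2-nic", "networkSecurityGroup": None,
     "ipConfigurations": [{"subnet": {"id": NET + "/virtualNetworks/vnet1/subnets/back"}}]},
    {"name": "vm3-nic", "networkSecurityGroup": {"id": NET + "/networkSecurityGroups/vm3-nsg"},
     "ipConfigurations": [{"subnet": {"id": NET + "/virtualNetworks/vnet1/subnets/back"}}]},
])
VNETS = json.dumps([
    {"name": "vnet1", "subnets": [
        {"id": NET + "/virtualNetworks/vnet1/subnets/front",
         "networkSecurityGroup": {"id": NET + "/networkSecurityGroups/front-nsg"}},
        {"id": NET + "/virtualNetworks/vnet1/subnets/back", "networkSecurityGroup": None},
    ]},
])


def nsg_coverage(nics_json, vnets_json):
    """Return {nic name: 'nic' | 'subnet' | 'nic+subnet' | 'none'}."""
    # Azure resource IDs are case-insensitive, so compare them lowercased.
    subnet_has_nsg = {
        s["id"].lower(): bool(s.get("networkSecurityGroup"))
        for v in json.loads(vnets_json) for s in v.get("subnets") or []
    }
    report = {}
    for nic in json.loads(nics_json):
        levels = []
        if nic.get("networkSecurityGroup"):
            levels.append("nic")
        subnet_ids = [(c.get("subnet") or {}).get("id", "").lower()
                      for c in nic.get("ipConfigurations") or []]
        # Count the subnet level only if every subnet the NIC sits in has an NSG.
        if subnet_ids and all(subnet_has_nsg.get(i, False) for i in subnet_ids):
            levels.append("subnet")
        report[nic["name"]] = "+".join(levels) or "none"
    return report


def uncovered(nics_json, vnets_json):
    """Names of NICs with no NSG at either the NIC or the subnet level."""
    return sorted(n for n, lvl in nsg_coverage(nics_json, vnets_json).items() if lvl == "none")


if __name__ == "__main__":
    print(nsg_coverage(NICS, VNETS))
    print("no NSG at any level:", uncovered(NICS, VNETS))
```

Interfaces reported as `none` are the ones to cover with a subnet NSG before per-VM rules are added after the migration.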