Skip to content
Pass Microsoft, Cisco, Sap and Salesforce Exams
Menu
  • Home
  • Exams
  • Certifications
  • Cloud Computing
  • Cyber Security
  • Contact Us
  • Log in
  • Sign up
Menu

Create and configure an application security group

Posted on 2024-09-062024-09-06 by zeusexam

Create and configure an application security group
Application security groups (ASGs) are separate objects that you create in your Azure subscrip- tion. You can think of an ASG like a group object in an identity system–members of the group have the permissions and access that are assigned to the group. ASGs work in a similar way— you add NICs to the group, then create NSG rules that apply to the ASG. Then, any network interface that is a member of the ASG will have the NSG rules applied.
To create an ASG, do the following:

  1. From the Azure portal, search for Application security groups.
  2. On the ASG blade, click Create.
  3. On the Create An Application Security Group blade, complete the required fields:
    Subscription, Resource Group, Name, and Region.
  4. Click Review + Create, and then click Create. A sample is displayed in Figure 4-28.

FIGURE 4-28 Creating a new ASG named asg-webtier

After you create an ASG, the next logical step is to associate network interfaces with the group. This action is performed from the virtual machine object that has the NIC associated with it. To add the NIC to an ASG, navigate to a virtual machine.

  1. On the VM object, click Networking.
  2. On the VM Networking blade, ensure that the NIC you want to configure is selected,
    and then click the Application Security Groups tab, as shown in Figure 4-29.

FIGURE 4-29 The Networking blade of a VM

  1. On the Application Security Groups tab, click Configure The Application Security
    Groups.
  2. On the Configure The Application Security Groups blade, select the ASG you have cre- ated from the Application Security Groups drop-down menu, as shown in Figure 4-30. Then click Save.

FIGURE 4-30 Configure the Application Security Groups blade

After you have created an ASG and added one or more network interfaces to it, you can use the ASG as part of an NSG rule. To do so, select Application Security Group as the Destination Type. Then, from the Destination Application Security Groups menu, select the ASG that you created. An example of modifying the rule that was created earlier in this skill is displayed in Figure 4-31.

FIGURE 4-31 Using an ASG as part of an NSG rule

Evaluate effective security rules
When troubleshooting networking issues, it can be useful to have deeper insight into exactly how NSGs are being applied. When NSG rules are defined using service tags and application security groups, instead of explicit IP addresses or prefixes, it sometimes isn’t clear whether a particular flow matches a particular rule.
The Effective Security Rules view is designed to provide this insight. You can drill into each NSG rule and see the exact list of source and destination IP prefixes that have been applied, regardless of how the NSG rule was defined.
To access the Effective Security Rules view, your virtual machine must be running because
the data is taken directly from the configuration of the running VM.
Using the Azure portal, open the Virtual Machine blade and then click Networking. This will show the networking settings, including the NSG rules and a convenient Add Inbound Port Rule button. Near the top of this blade, click Effective Security Rules, as shown in Figure 4-32, to open the Effective Security Rules blade.

FIGURE 4-32 Azure virtual machine Networking blade

The Effective Security Rules blade (see Figure 4-33) looks very similar to the Networking blade shown in Figure 4-32. It shows the name of the network interface and associated NSGs, along with a list of NSG rules.

FIGURE 4-33 Azure virtual machine Effective Security Rules blade

The difference becomes clear when you click one of the NSG rules, which displays the exact source and destination IP address prefixes used by that rule. For example, in Figure 4-34, you can see the exact list of IP address prefixes used for the Allow_HTTP_HTTPS rule.

FIGURE 4-34 Effective Security Rules blade showing internet address prefixes

With the exact list of address prefixes for each NSG rule, you can investigate networking issues without fear of any ambiguity about how NSG rules are defined.

Post navigation

← TCP Overview – 100-150 Exam Guide
UDP Overview – 100-150 Exam Guide →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • 100-150 Study Course
  • AWS Study Course
  • AZ-104 Study Course
  • Certified Advanced Salesforce Admin
  • Cisco Study Course
  • CLF-C02 Study Course
  • Google
  • Google Associate Cloud Engineer
  • Microsoft Study Course
  • Salesforce
  • Study Course
© 2024 Zeusexam, Inc. All rights reserved. | Privacy Statement | Terms of Use | Use of Cookies | Trust | Accessibility | Cookie Preferences | Your Privacy Choices