In this post, I will explain how you can use a Network Security Group (NSG) to completely lock down network access to the subnet that contains an Azure Web Application Gateway (WAG)/Web Application Firewall (WAF).

1. Deploy a WAG/WAF to a dedicated subnet.
2. Create a Network Security Group (NSG) for the subnet.
3. Create an inbound rule to allow TCP 65503-65534 from the Internet service tag to the CIDR address of the WAG/WAF subnet.
4. Create rules to allow application traffic, such as TCP 443 or TCP 80, from your sources to the CIDR address of the WAG/WAF.
5. Create a low priority (4000) rule to allow any protocol/port from the AzureLoadBalancer service tag to the CIDR address of the WAG/WAF.
6. Create a rule with the lowest priority (4096) to Deny All from Any source.

It is easy to stand up a WAG/WAF in Azure and get it up and running. But in the real world, you should lock down network access. In the world of Azure, all network security begins with an NSG.
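The NSG rules listed in this post, modelled as an added Python example (not code from the original post): an NSG evaluates rules from the lowest priority number upward and stops at the first match, so the model shows which inbound flows each rule admits and what the Deny All rule at 4096 catches. The VNet, subnet and client ranges, the rule names and the priorities 100 and 110 are assumptions; 4000 and 4096 come from the post.

```python
import ipaddress
from collections import namedtuple

VNET = ipaddress.ip_network("10.0.0.0/16")        # assumed virtual network range
WAG = ipaddress.ip_network("10.0.1.0/24")         # assumed WAG/WAF subnet CIDR
CLIENTS = ipaddress.ip_network("203.0.113.0/24")  # assumed application source range
PROBE = ipaddress.ip_address("168.63.129.16")     # address behind the AzureLoadBalancer tag

# Simplified service-tag membership for this model.
TAGS = {
    "Any": lambda ip: True,
    "Internet": lambda ip: ip not in VNET,
    "AzureLoadBalancer": lambda ip: ip == PROBE,
}

Rule = namedtuple("Rule", "priority name source dest protocol ports access")

# Priorities 4000 and 4096 are from the post; 100 and 110 are assumed values.
RULES = [
    Rule(100, "AllowGatewayManager", "Internet", WAG, "Tcp", range(65503, 65535), "Allow"),
    Rule(110, "AllowWeb", CLIENTS, WAG, "Tcp", (80, 443), "Allow"),
    Rule(4000, "AllowAzureLoadBalancer", "AzureLoadBalancer", WAG, "*", None, "Allow"),
    Rule(4096, "DenyAll", "Any", None, "*", None, "Deny"),
]

def matches(rule, src, dst, protocol, port):
    src_ok = TAGS[rule.source](src) if isinstance(rule.source, str) else src in rule.source
    dst_ok = rule.dest is None or dst in rule.dest
    proto_ok = rule.protocol in ("*", protocol)
    port_ok = rule.ports is None or port in rule.ports
    return src_ok and dst_ok and proto_ok and port_ok

def evaluate(rules, src, dst, protocol, port):
    """Return (access, rule name) of the first match, lowest priority number first."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, src, dst, protocol, port):
            return rule.access, rule.name
    return "Default", "built-in rules at 65000+ (not modelled)"

if __name__ == "__main__":
    for flow in [("203.0.113.10", "10.0.1.4", "Tcp", 443),   # constructed sample flows
                 ("198.51.100.7", "10.0.1.4", "Tcp", 443),
                 ("198.51.100.7", "10.0.1.4", "Tcp", 65510),
                 ("168.63.129.16", "10.0.1.4", "Tcp", 80),
                 ("203.0.113.10", "10.0.1.4", "Tcp", 22)]:
        print(flow, evaluate(RULES, *flow))
```

Evaluating the probe flow against the list with the 4000 rule removed returns the Deny All rule, which is why that explicit allow has to sit above 4096.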