Reputation: 181
Azure Network Security Groups - Inbound allow multiple IPs to access specific port
I have made a network security group in Azure in order to block external connections to certain endpoints. I have added several rules to enforce this.
Currently the rules allow one white-listed IP To access all ports and another white-listed Port to access only two specific ports. My rules are as follows:
- Source: IP Addresses
- Source IP address range: XX.XXX.XXX.XX
- Source port range: *
- Destination: *
- Destination port range: *
- Protocol: Any
- Action Allow
- Priority: 1000
Name: Allow-All
Source: IP Addresses
- Source IP address range: YY.YYY.YY.YY
- Source port range: *
- Destination: *
- Destination port range: 1234
- Protocol: Any
- Action Allow
- Priority: 200
Name: Allow-Cus1-1234
Source: IP Addresses
- Source IP address range: YY.YYY.YY.YY
- Source port range: *
- Destination: *
- Destination port range: 4321
- Protocol: Any
- Action Allow
- Priority: 199
- Name: Allow-Cus1-4321
This works as expected and we are able to access our all our endpoints and the user of the other IP is able to access the two ports (1234 and 4321 that they have access to). However the problem arises when I want to open these two ports to additional other IP addresses. I added an additional two rules as below:
- Source: IP Addresses
- Source IP address range: ZZ.ZZZ.ZZ.ZZ
- Source port range: *
- Destination: *
- Destination port range: 1234
- Protocol: Any
- Action Allow
- Priority: 198
Name: Allow-Cus2-1234
Source: IP Addresses
- Source IP address range: ZZ.ZZZ.ZZ.ZZ
- Source port range: *
- Destination: *
- Destination port range: 4321
- Protocol: Any
- Action Allow
- Priority: 197
- Name: Allow-Cus2-4321
I thought this would work but it seems not to. So does anyone know if I have missed a step or forgotten to add any important information to the rules? My theory is somehow the similar rules are conflicting with each other.
Does anyone know if it is possible to add multiple IPs to the same inbound rule in a network security group?
Upvotes: 0
Views: 2061
Answers (1)
Reputation: 43
I am not sure what exactly has been asked in above question but as per my understanding, here is what I know.
So we can add Source and destination port/IP using comma separated like following e.g.
Source: IP Addresses
Source IP address range: ZZ.ZZZ.ZZ.ZZ,YY.YYY.YY.YY
Source port range: *
Destination: *
Destination port range: 4321,4562,7589
Protocol: Any
Action Allow
Priority: 197
Name: Allow-Cus2-4321
Upvotes: 1
Related Questions
- All network port restricted on network security group which have dev Tag
- Azure (PowerShell) How to add an additional IP to multiple existent Network Security Groups (Source Address Prefix field)?
- Multiple Azure Container Instance groups on one fixed IP
- Multiple egress IPs for Azure Container Group
- Azure network security group Add source ip prefixes using variable
- How to allow access from certain IP to certain endpoints in Azure?
- can not access Azure VM thru port 8888
- How to use multiple destination port in single NSG SecurityRule in ARM template
- Whitelisting specific IP Addressess with Azure Network Security Groups
- Azure network security group/security rule - address_prefixes and port_ranges