https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic
Create a virtual network
Create application security groups
Create a network security group
Associate network security group to subnet
Create security rules
Create virtual machines
Associate network interfaces to an ASG
Test traffic filters
Create a virtual network
Create application security groups
Create a network security group
Associate network security group to subnet
Create security rules
Create a security rule that allows ports 80 and 443 to the myAsgWebServers application security group. On the Add inbound security rule page, enter or select this information:
Now make an Allow-RDP-ME rule (using a "what's my IP" lookup for the source address)
Destination application security group Select myAsgMgmtServers.
Create virtual machines
Virtual machine name Enter myVMWeb.
Select inbound ports Select None.
Subnet Select subnet31 (10.50.0.0/24).
Public IP Leave the default of a new public IP.
NIC network security group Select None.
Create it, then redeploy the template from the portal, editing the Virtual Machine RG to be the same as the RG
Virtual machine name Enter myVMMgmt.
Select inbound ports Select None.
Subnet Select subnet31 (10.50.0.0/24).
Public IP Leave the default of a new public IP.
NIC network security group Select None.
Associate network interfaces to an ASG
Add the network interface of each VM to one of the application security groups you created previously:
80 and 443
Management VM
3389 RDP
Test traffic filters
Test RDP to myVMMgmt from internet
Test RDP to myVMWeb from myVMMgmt
Open a PowerShell session on myVMMgmt. Connect to myVMWeb using the following:
mstsc /v:myVmWeb
The RDP connection from myVMMgmt to myVMWeb succeeds because virtual machines in the same network can communicate with each other over any port by default.
Test RDP to myVMWeb from internet
The result is correct due to the ASG: the Allow-RDP-ME rule's destination is myAsgMgmtServers only.
To install Microsoft IIS on the myVMWeb virtual machine, enter the following command from a PowerShell session on the myVMWeb virtual machine:
Or from the myVMWeb virtual machine -> Run Command -> RunPowerShellScript
Install-WindowsFeature -name Web-Server -IncludeManagementTools
Visit myVMWeb (copy its public IP): allowed due to the ASG
Visit myVMMgmt (copy its public IP): denied due to the ASG
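The test results above follow from how an NSG picks the first matching rule in priority order. The model below is an added example, not part of the tutorial or of any Azure tooling. The rule name Allow-Web, the priorities 100/110, the source addresses, and the use of subnet31 as the whole VirtualNetwork range are assumptions.

```python
from ipaddress import ip_address, ip_network

VNET = ip_network("10.50.0.0/24")   # subnet31 from the page, assumed to be the whole VNet
ADMIN_IP = "203.0.113.10"           # constructed stand-in for the "what's my IP" result
MGMT_PRIVATE_IP = "10.50.0.5"       # constructed private address for myVMMgmt
INTERNET_IP = "198.51.100.7"        # constructed arbitrary internet client
ASG_OF = {"myVMWeb": "myAsgWebServers", "myVMMgmt": "myAsgMgmtServers"}

# (priority, name, source, destination, ports, action); ports=None means any port.
RULES = [
    (100, "Allow-Web", "*", "myAsgWebServers", {80, 443}, "Allow"),         # assumed name/priority
    (110, "Allow-RDP-ME", ADMIN_IP, "myAsgMgmtServers", {3389}, "Allow"),   # assumed priority
    # Azure's built-in default inbound rules (the load balancer rule is left out).
    (65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", None, "Allow"),
    (65500, "DenyAllInBound", "*", "*", None, "Deny"),
]

def _src_matches(spec, src_ip):
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip_address(src_ip) in VNET
    return ip_address(src_ip) == ip_address(spec)

def _dst_matches(spec, vm):
    # Both VMs live in the VNet, so "*" and "VirtualNetwork" always match them.
    return spec in ("*", "VirtualNetwork") or ASG_OF[vm] == spec

def evaluate(src_ip, dst_vm, port):
    """Return (action, rule name) for the first rule that matches, lowest priority number first."""
    for _prio, name, src, dst, ports, action in sorted(RULES, key=lambda r: r[0]):
        if _src_matches(src, src_ip) and _dst_matches(dst, dst_vm) \
                and (ports is None or port in ports):
            return action, name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")

if __name__ == "__main__":
    # The checks from the "Test traffic filters" section.
    for label, args in [
        ("RDP to myVMMgmt from internet (my IP)", (ADMIN_IP, "myVMMgmt", 3389)),
        ("RDP to myVMWeb from myVMMgmt", (MGMT_PRIVATE_IP, "myVMWeb", 3389)),
        ("RDP to myVMWeb from internet", (ADMIN_IP, "myVMWeb", 3389)),
        ("HTTP to myVMWeb from internet", (INTERNET_IP, "myVMWeb", 80)),
        ("HTTP to myVMMgmt from internet", (INTERNET_IP, "myVMMgmt", 80)),
    ]:
        print(f"{label}: {evaluate(*args)}")
```

RDP between the two VMs is allowed by the default AllowVnetInBound rule rather than by either custom rule, so restricting it would need an explicit deny rule with a priority number below 65000.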