配置NSG限制VM访问Internet

标签：blank

配置NSG限制VM访问Internet

什么是网络安全组 (NSG)？

http://www.windowsazure.cn/documentation/articles/virtual-networks-nsg

新建一个安全组

New-AzureNetworkSecurityGroup-Name"DMZNSG"-Location"China East"

定义变量

$NSGGroup=Get-AzureNetworkSecurityGroup-NameDMZNSG

配置针对10.0.1.6这台虚拟机Outbound,拒绝访问Internet

$NSGGroup|Set-AzureNetworkSecurityRule-Nameblock-internet-ActionDeny-Protocol *-TypeOutbound-Priority200-SourceAddressPrefix‘10.0.1.6/32‘-SourcePortRange*-DestinationAddressPrefixInternet-DestinationPortRange*

配置针对10.0.1.6这台虚拟机Inbound规则,允许Inbound

$NSGGroup|Set-AzureNetworkSecurityRule-NameAllow-inbound-ActionAllow-Protocol*-TypeInbound-Priority200-SourceAddressPrefix*-SourcePortRange*-DestinationAddressPrefix‘10.0.1.6/32‘-DestinationPortRange*

$NSGGroup|Set-AzureNetworkSecurityGroupToSubnet-VirtualNetworkNamewrf-SubnetNameSubnet-1

测试：

通过远程桌面连接Azure VM，发现虚拟机无法访问外网。

外网可以访问

取消分配Remove-AzureNetworkSecurityGroupAssociation -VirtualNetworkName wrf -SubnetName Subnet-1

然后删除Remove-AzureNetworkSecurityGroup

配置NSG限制VM访问Internet

标签：blank

原文地址：http://286722.blog.51cto.com/276722/1747418