[NEBULA] How to protect my network/NSG by using firewall rules on NSG?

Zyxel_Jason
Zyxel Employee

Scenario 1:
Deny a specific IP address on another LAN/VLAN from accessing a server in LAN2.
Ex:
The user wants to deny 192.168.1.10 access to the server with IP address 192.168.2.10.

Scenario 2:
Deny a specific IP address on the WAN from accessing a server in the LAN for which you have configured a virtual server (port forwarding).
Ex:
The user wants to deny 36.226.189.2 on the WAN access to his/her server with IP address 192.168.4.33.
Virtual server:

Firewall rules:

Scenario 3:
Only allow a trusted IP address to access the NSG via HTTP/HTTPS from the WAN.
Ex:
The user wants to allow 36.226.189.2 to access the WebGUI of the NSG.

Note:
1. The setting is "none" by default, to prevent the NSG's HTTP/HTTPS service port from becoming an attacker's target on the Internet. We recommend configuring only the trusted public IP addresses that need access from the WAN, and avoiding "any" in general scenarios.
2. We also recommend configuring Allowed Remote IP in the virtual server, for security reasons.
Jason
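
The three scenarios above, modelled as an added example (not part of the original post and not Zyxel's code): it evaluates constructed rule sets against the post's addresses, reports deny rules that an earlier broader rule makes unreachable, and flags an "any" Allowed Remote IP. The rule field names, first-match ordering and default action are assumptions made for illustration, not the NSG's documented behaviour.

```python
import ipaddress

def net(spec):
    # "any" stands for every IPv4 address
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def evaluate(rules, src, dst, default="deny"):
    """First matching rule wins (assumed ordering); no match -> default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in net(rule["src"]) and d in net(rule["dst"]):
            return rule["action"]
    return default

def shadowed(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (net(later["src"]).subnet_of(net(earlier["src"]))
                    and net(later["dst"]).subnet_of(net(earlier["dst"]))):
                hits.append(i)
                break
    return hits

def remote_access(allowed_remote_ips, src):
    """Allowed Remote IP check; an empty list models the default 'none'."""
    return any(ipaddress.ip_address(src) in net(a) for a in allowed_remote_ips)

def audit_remote_ips(allowed_remote_ips):
    """Flag entries equivalent to 'any', which the note advises against."""
    return [a for a in allowed_remote_ips if net(a).prefixlen == 0]

# Constructed rule sets; field names are hypothetical, addresses are the post's.
SCENARIO_1 = [
    {"action": "deny", "src": "192.168.1.10/32", "dst": "192.168.2.10/32"},
    {"action": "allow", "src": "any", "dst": "any"},
]
# Assumes the rule is matched against the forwarded (internal) server address.
SCENARIO_2 = [
    {"action": "deny", "src": "36.226.189.2/32", "dst": "192.168.4.33/32"},
    {"action": "allow", "src": "any", "dst": "192.168.4.33/32"},
]
SCENARIO_3_ALLOWED = ["36.226.189.2/32"]

if __name__ == "__main__":
    print(evaluate(SCENARIO_1, "192.168.1.10", "192.168.2.10"))   # deny
    print(shadowed(list(reversed(SCENARIO_1))))                   # [1]
    print(audit_remote_ips(["any"]))                              # ['any']
```

Reversing the Scenario 1 rules puts the broad allow first, so the deny for 192.168.1.10 is reported as shadowed and the traffic is allowed.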