[NEBULA] How to protect my network/NSG by using firewall rules on NSG?

Zyxel_Jason
Zyxel_Jason Posts: 374
25 Answers First Comment Friend Collector Fourth Anniversary
 Master Member
edited July 2022 in Network Security
Scenario 1:
Deny specific IP from other LAN/VLAN to access a server in LAN2.
Ex:
The user wants to deny 192.168.1.10 to access the server with IP address 192.168.2.10.


Scenario 2:
Deny specific IP from WAN to access a server in LAN which you have configured virtual server (port forwarding) for it.
Ex:
The user wants to deny 36.226.189.2 from WAN to access his/her server with IP address 192.168.4.33.
Virtual server:


Firewall rules:


Scenario 3:
Only allow trusted IP address can access NSG via HTTP/HTTPS from WAN.
Ex:
The user wants to allow 36.226.189.2 to access the WebGUI of NSG.
 

Note:
1. Since the setting is "none" by default to prevent NSG's HTTP/HTTPS service port being the attacker's target on the Internet. We would recommend the user only configure trust public IP that you need to access from WAN and avoid to configure "any" in general scenario.
2. We also recommend the user to configure Allowed Remote IP in virtual server for security concern.
Jason