Azure Network : Prevent subnet to subnet communication
I have the following subnets
- Subnet_1 = 10.2.3.0
- Subnet_1 = 10.2.4.0
I want to prevent subnet to subnet communication. As far as I see, it can be done using the Network Security Group. However I am not sure about the required change.
I tried to reproduce the same in my environment to prevent communication between 2 Subnet
I have created 2 subnets in my Vnet, like below.
Subnet 1: Prod-Subnet (10.0.1.0/24)
Subnet 2: default (10.0.0.0/24)
In order to prevent communication between both the VNet, you need to create an inbound and outbound rule in same NSG group, like below.
I have created 2 virtual machines and attached above subnets to 2 virtual machines, like below.
Prod-subnet attached to VM1 Default Subnet attached to VM2
Create inbound and outbound rule in Network Security Group to block the communicatioin ,like below.
Inbound Rule:
Source IP: 10.0.0.9/24
Source Port: * ( for all)
Destination IP: 10.0.1.0/24
Destination Port: *( for all)
Service: custom
(Note: If you want block particular service and port, mention the port details and protocol type)
Outbound Rule:
Source IP: 10.0.1.0/24
Source Port: * ( for all)
Destination IP: 10.0.0.0/24
Destination Port: *( for all)
Service: custom
Tested communication and its getting denied from the subnets.
VM 1 Result
VM 2 Result
- WebJob is stopping due to website shutting down
- Is it possible to change the day returned from startofweek() and endofweek()?
- Handling Audio blobs sent through mediarecorder in JS through python server script for azure service
- Export app registrations with expiring secrets and certificates and send alert in teams
- SQL Azure import slow, hangs, but local import takes 3 minutes
- Issue with Group email address domain when create a new Microsoft 365 Group
- What is the URL for New Page in Azure DevOps Wiki? / How to bookmark New Page?
- Is there a dynamic way to get variables from Variable Group? Even secret ones? and insert in Azure Key Vault
- How do I configure my Bicep scripts to allow a container app to pull an image from an ACR using managed identity across subscriptions
- Azure DevOps. Can't trigger a pipeline in Repo A when a commit is done in repo B
- How to change the default Azure AI Search scoring to be increased when the whole search term is found exactly?
- List and download files in a folder in a blob with blob level SAS token
- How to change the Lease state of Azure Blob to Available
- unable to delete or move first step from logic app?
- Azure Terraform - Encrypt VM OS Disk
- How to temporary stop Azure API Management Service
- Unable to retrieve key vault certificates in azure runbook
- C#: 'A change set cannot include changes to more than '1' source resources' when adding a user To Group using Azure Graph API 2.0
- Set size limt to direct upload to azure blob storage via SAS URL
- Using AddAzureKeyVault makes my application 10 seconds slower
- PostGreSQL pg_dump psql and pg_restore errors with Azure Flexible SQL Server
- How to check signature of a token coming from Azure SSO
- How can I get error details from an if condition activity in Azure Data Factory?
- Getting a 404 for GET /robots933456.txt
- Given an Applications Insight Instrumentation key, get the name of the service in Azure
- How to specify rewrite url for query string parameters in Azure API Management
- Can a normal Azure Function and a Durable Azure Function coexist in the same Function App?
- TenantGuidNotFound when trying to send email using Microsfot GraphAPI
- Can't signin into microsoft account
- Azure Function App Kudu Functions API with empty response