Today, I will explain the 3 default security rules that come with every Azure Network Security Group (NSG) that you have probably seen in your VM’s NSG.
By default, every Azure Virtual MAchine comes with a pre-configured, Network Security Group (NSG) that acts as a virtual firewall that is job is to protect your VM from malicious and unauthorized access. To make the VM secure and also available to other hosts inside the Vnet Azure has designed every NSG to have 3 default rules that allow internal connectivity but also protection from external sources.
In the table below, I have listed the three default rules that come with every NSG in Microsoft Azure.
The screenshot below shows the three rules in the Azure NSG console, and I will explain each one of them.
AllowVnetInBound – This rule permits all the hosts inside the virtual network (including subnets) to communicate between them without any blocks.
AllowAzureLoadBalancerInBound – This rule allows an Azure load balancer to communicate with your VM and send heartbeats.
DenyAllInBound – This is the deny all rule that blocks any inbound traffic to the VM by default and protect the VM from malicious access outside the Azure Vnet.