Associate a Network Security Group (NSG) to subnet

Cesar picture Cesar · Sep 10, 2015 · Viewed 7.7k times · Source

I'm having some difficulties when creating a VNET/Subnet. I'm also making use of ASE and for that I can only use a Classic VNET.

Azure offers two types of VNET. Depending on how you create it (via Azure Portal, xplat-cli, old portal, powershell) this VNET can be "Classic" (indicated by the "<...>" icon in blue) or "Resource Manager (indicated by the icon "<...>" in green).

As far I can see, it doesn't seems possible to assign a NSG to a Classic VNET. Does it means that I cannot have a NSG over my ASE (because ASE can only be created ontop of Classic VNETs) ? This doesn't seems right..

Answer

MrBink picture MrBink · Sep 10, 2015

Assuming you use Powershell, Set-AzureNetworkSecurityGroupToSubnet cmdlet in service management mode will associate a NSG to a subnet.

Update:

PS> Switch-AzureMode AzureServiceManagement
PS> (Get-AzureVNetSite -VNetName "Group vnetnsg vnetnsg").Subnets

Name     AddressPrefix ExtensionData
----     ------------- -------------
default  10.0.0.0/24
subnet-1 10.0.1.0/24

PS> New-AzureNetworkSecurityGroup -Name "NsgOnSubnet" -Location "West Europe"

Name        Location    Label
----        --------    -----
NsgOnSubnet West Europe

PS> Set-AzureNetworkSecurityGroupToSubnet -Name NsgOnSubnet -VirtualNetworkName "Group vnetnsg vnetnsg" -SubnetName "subnet-1"
PS> Get-AzureNetworkSecurityGroupAssociation -VirtualNetworkName "Group vnetnsg vnetnsg" -SubnetName "subnet-1"

Name        Location    Label
----        --------    -----
NsgOnSubnet West Europe