Block communication between Subnets in Azure

In this blog, we will explore how to block communication between two subnets in an Azure virtual network using a network security group (NSG).

Let’s say your company wants to block communication between two VMs. They currently reside on the same virtual network and on the same subnet. The task is to separate them into different subnets and block communication between those subnets using a network security group.

We have already created two VMs, winVM (Windows) and linVM (Linux), residing in the same virtual network and on the same subnet (the default subnet).

Currently winVM can communicate with linVM: a ping from winVM to linVM succeeds. This is expected, because every NSG carries a default rule, AllowVnetInBound (priority 65000), that permits all traffic between addresses inside the virtual network, and a subnet with no NSG at all has no filtering whatsoever.

Now let’s create a new subnet, move linVM into it, and block communication between the two subnets with an NSG.

1- Create a New Subnet

  1. Click the portal menu button in the upper left.
  2. Click Virtual networks.
  3. Click the existing virtual network that contains the two VMs (do not create a new one; a subnet can only talk to another subnet this way if both are in the same virtual network).
  4. Click Subnets in the left-hand menu.
  5. Click + Subnet.
  6. In the pane that appears, set the following values:
    • Name: subnet2
    • Address range (CIDR block): 10.0.1.0/24 (the range must lie inside the virtual network’s address space and must not overlap the default subnet)
  7. Click OK (in newer portal layouts the button is labelled Save).

2- Create New Network Security Group Rules

  1. Click the portal menu button in the upper left.
  2. Click All services.
  3. Search for “nsg”.
  4. In the search results, click Network security groups.
  5. Click + Create and create the network security group in the same region and resource group as the virtual network (an NSG can only be associated with subnets and network interfaces in its own region).
  6. Click Inbound security rules in the left-hand menu.
  7. Click + Add.
  8. In the pane that appears, set the following values:
    • Source: IP Addresses
    • Source IP addresses/CIDR ranges: 10.0.1.0/24
    • Source port ranges: *
    • Destination: Any
    • Destination port ranges: *
    • Protocol: Any
    • Action: Deny
    • Priority: 100
    • Name: block_all_subnet2

Fill in the inbound rule details and click Add. Rules are evaluated in priority order, lowest number first, and the first match wins, so this Deny at priority 100 takes precedence over the default AllowVnetInBound rule at 65000.

Then click Outbound security rules and add the mirror rule for the other direction (Destination: IP Addresses, 10.0.1.0/24, Protocol: Any, Action: Deny, Priority: 100), and click Add. Inbound rules only filter traffic arriving at the protected subnet; without the outbound rule, traffic leaving it toward subnet2 would still be allowed by the default AllowVnetOutBound rule.

Finally, associate the NSG with a subnet: click Subnets in the NSG’s left-hand menu, click + Associate, and choose the default subnet (where winVM stays). An NSG filters nothing until it is associated with a subnet or a network interface. Note that the rules above are written from the default subnet’s point of view: traffic coming from 10.0.1.0/24 and traffic going to 10.0.1.0/24 are both denied. Attaching this same NSG to subnet2 instead would not block winVM, because the inbound rule’s source would then be subnet2 itself.

Now we have a second subnet, subnet2, and an NSG that denies traffic between it and the default subnet.

3- Move the VM to the New Subnet

  1. Click the portal menu button in the upper left.
  2. Click Virtual machines.
  3. Click linVM.
  4. Click Networking in the left-hand menu.
  5. Click the listed network interface (it’ll be named something like nic2-bhfpm).
  6. Click IP configurations in the left-hand menu.
  7. In the Subnet dropdown, select subnet2.
  8. Click Save. The network interface receives a new private IP address from subnet2; Azure reserves the first four addresses of every subnet, so the first VM moved in normally gets 10.0.1.4. Check the address actually shown on linVM’s Networking blade before testing.
  9. Click Virtual machines in the breadcrumb link trail at the top of the screen.
  10. Click winVM.
  11. Click Connect > RDP.
  12. Click Download RDP File.
  13. Open the RDP file, and log in to the VM using your credentials.
  14. In the Windows VM, click the Windows menu button in the lower left, search for “CMD”, and select the Command Prompt desktop app.
  15. Attempt to ping linVM’s new address in subnet2: ping 10.0.1.4. You’ll see Request timed out. An NSG Deny rule drops packets silently rather than sending an ICMP error, which is why the result is a timeout instead of Destination host unreachable. This means the communication is blocked, so you were successful in completing the lab objectives.
