I have made a network security group in Azure in order to block external connections to certain endpoints. I have added several rules to enforce this.
Currently the rules allow one white-listed IP to access all ports and another white-listed IP to access only two specific ports. My rules are as follows:
- Source: IP Addresses
- Source IP address range: XX.XXX.XXX.XX
- Source port range: *
- Destination: *
- Destination port range: *
- Protocol: Any
- Action: Allow
- Priority: 1000
- Name: Allow-All

- Source: IP Addresses
- Source IP address range: YY.YYY.YY.YY
- Source port range: *
- Destination: *
- Destination port range: 1234
- Protocol: Any
- Action: Allow
- Priority: 200
- Name: Allow-Cus1-1234

- Source: IP Addresses
- Source IP address range: YY.YYY.YY.YY
- Source port range: *
- Destination: *
- Destination port range: 4321
- Protocol: Any
- Action: Allow
- Priority: 199
- Name: Allow-Cus1-4321
This works as expected: we are able to access all our endpoints, and the user of the other IP is able to access the two ports (1234 and 4321) that they have access to. However, the problem arises when I want to open these two ports to additional IP addresses. I added two more rules as below:
- Source: IP Addresses
- Source IP address range: ZZ.ZZZ.ZZ.ZZ
- Source port range: *
- Destination: *
- Destination port range: 1234
- Protocol: Any
- Action: Allow
- Priority: 198
- Name: Allow-Cus2-1234

- Source: IP Addresses
- Source IP address range: ZZ.ZZZ.ZZ.ZZ
- Source port range: *
- Destination: *
- Destination port range: 4321
- Protocol: Any
- Action: Allow
- Priority: 197
- Name: Allow-Cus2-4321
I thought this would work, but it seems not to. So does anyone know if I have missed a step or forgotten to add any important information to the rules? My theory is that the similar rules are somehow conflicting with each other.
Does anyone know if it is possible to add multiple IPs to the same inbound rule in a network security group?
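Added example, not part of the question above: a small model of how an Azure NSG evaluates inbound rules (lowest priority number first, first match wins, default deny at 65500) run over the rule set from the question, with constructed RFC 5737 test addresses standing in for the XX/YY/ZZ placeholders. It also checks an equivalent rule set that lists both customer addresses in a single rule per port, which NSG rules permit via multiple source address prefixes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    priority: int      # lower number is evaluated first; unique within an NSG
    sources: list      # IPs/CIDRs, or ["*"] for any source
    dst_ports: set     # port numbers, or {"*"} for any port
    action: str        # "Allow" or "Deny"

    def matches(self, src_ip: str, dst_port: int) -> bool:
        src = ipaddress.ip_address(src_ip)
        src_ok = "*" in self.sources or any(
            src in ipaddress.ip_network(p, strict=False) for p in self.sources)
        port_ok = "*" in self.dst_ports or dst_port in self.dst_ports
        return src_ok and port_ok


def evaluate(rules, src_ip: str, dst_port: int):
    """Return (action, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_ip, dst_port):
            return rule.action, rule.name
    return "Deny", "DenyAllInBound"   # Azure's built-in default deny (priority 65500)


# Constructed sample addresses (RFC 5737) in place of XX.XXX.XXX.XX etc.
OUR_IP, CUS1_IP, CUS2_IP = "203.0.113.10", "198.51.100.20", "192.0.2.30"

# The five rules as listed in the question.
RULES = [
    Rule("Allow-All", 1000, [OUR_IP], {"*"}, "Allow"),
    Rule("Allow-Cus1-1234", 200, [CUS1_IP], {1234}, "Allow"),
    Rule("Allow-Cus1-4321", 199, [CUS1_IP], {4321}, "Allow"),
    Rule("Allow-Cus2-1234", 198, [CUS2_IP], {1234}, "Allow"),
    Rule("Allow-Cus2-4321", 197, [CUS2_IP], {4321}, "Allow"),
]

# Equivalent set: one rule per port carrying both customer prefixes.
MERGED = [
    Rule("Allow-All", 1000, [OUR_IP], {"*"}, "Allow"),
    Rule("Allow-Cus-1234", 200, [CUS1_IP, CUS2_IP], {1234}, "Allow"),
    Rule("Allow-Cus-4321", 199, [CUS1_IP, CUS2_IP], {4321}, "Allow"),
]

if __name__ == "__main__":
    for ip, port in [(OUR_IP, 22), (CUS1_IP, 1234), (CUS2_IP, 4321), (CUS2_IP, 22)]:
        print(ip, port, evaluate(RULES, ip, port), evaluate(MERGED, ip, port))
```

Both rule sets admit the same traffic in this model, so if the real NSG still blocks the ZZ address, the cause lies outside rule conflicts (for example a second NSG on the subnet, a host firewall, or a mistyped prefix) rather than in rules overlapping.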