0

We are looking for an automated way to identify which are the Effective Security Rules that are applied to a Network Interface (NIC). We are aware that we can achieve this using a REST API call: Network Interfaces - List Effective Network Security Groups - REST API

But we have the following concerns about the output/result:

  1. How many Network Security Groups (NSG) can be attached to a NIC? Which is the current limit, or there is no limit at all?
  2. When there are multiple NSGs attached to a NIC and those NSGs have different rules with the same priority how are they applied? How Azure make the merge of them?
  3. Is there additional complexity added if a SubNet is also linked to them?
delucaezequiel
  • 483
  • 2
  • 9
  • 26

1 Answers1

0

You cant attach multiple NSGs to a NIC. You can attach one NSG to a NIC, also you can attach one NSG to the subnet. If you attach NSG on both places, first the subnet NSG handles the traffic, then the NIC NSG. More information: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works

Gergő Vadász
  • 3
  • 2