To prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, you can use a Network Security Group (NSG). This solution is straightforward and minimizes administrative effort.
Step-by-Step Solution
Step 1: Create a Network Security Group (NSG)
Navigate to the Azure Portal.
Search for “Network security groups” and select it.
Click on “Create”.
Enter the following details:
Subscription: Select your subscription.
Resource Group: Select an existing resource group or create a new one.
Name: Enter a name for the NSG (e.g., NSG-Subnet1-2).
Region: Select the region where your virtual network is located.
Click on “Review + create” and then “Create”.
Step 2: Create an Inbound Security Rule
Navigate to the newly created NSG.
Select “Inbound security rules” from the left-hand menu.
Click on “Add” to create a new rule.
Enter the following details:
Source: Select Service Tag.
Source Service Tag: Select VirtualNetwork.
Source port ranges: Leave as *.
Destination: Select IP Addresses.
Destination IP addresses/CIDR ranges: Enter the IP range of subnet1-2 (e.g., 10.1.2.0/24).
Destination port ranges: Enter 5585.
Protocol: Select TCP.
Action: Select Deny.
Priority: Enter a priority value (e.g., 100).
Name: Enter a name for the rule (e.g., Deny-TCP-5585).
Click on “Add” to create the rule.
Step 3: Associate the NSG with Subnet1-2
Navigate to the virtual network that contains subnet1-2.
Select “Subnets” from the left-hand menu.
Select subnet1-2 from the list of subnets.
Click on “Network security group”.
Select the NSG you created (NSG-Subnet1-2).
Click on “Save”.
Explanation
Network Security Group (NSG): NSGs are used to filter network traffic to and from Azure resources in an Azure virtual network. They contain security rules that allow or deny inbound and outbound traffic based on source and destination IP addresses, port, and protocol.
Inbound Security Rule: By creating a rule that denies traffic on TCP port 5585 from any source outside of subnet1-2, you ensure that only hosts within subnet1-2 can connect to this port.
Association with Subnet: Associating the NSG with subnet1-2 ensures that the security rules are applied to all resources within this subnet.
By following these steps, you can effectively prevent all Azure hosts outside of subnet1-2 from connecting to TCP port 5585 on hosts within subnet1-2, while minimizing administrative effort.
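As an added illustration (not part of the original answer and not Azure code), the following Python model evaluates NSG inbound rules in ascending priority order the way Azure does, and demonstrates a caveat worth checking with the rule from Step 2: the VirtualNetwork service tag includes subnet1-2's own address space, so the Deny rule also blocks connections to port 5585 that originate inside subnet1-2; an additional Allow rule scoped to 10.1.2.0/24 with a lower priority number (an assumption here, not one of the steps above) restores them. The VNet range 10.1.0.0/16 and the sample hosts are constructed values.

```python
import ipaddress

# Constructed addressing (assumption, not from the page): the VNet is 10.1.0.0/16
# and subnet1-2 is 10.1.2.0/24 as in Step 2.
VNET = ipaddress.ip_network("10.1.0.0/16")

def prefix_matches(prefix, ip):
    """Match an NSG address prefix ('*', the VirtualNetwork tag, or a CIDR) to an IP.
    The VirtualNetwork tag covers the whole VNet address space, subnet1-2 included."""
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return ip in VNET
    return ip in ipaddress.ip_network(prefix)

def port_matches(port_range, port):
    """Match a destination port range such as '*', '5585' or '5000-6000'."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def rule(name, priority, src, dst, port, access, proto="Tcp"):
    return dict(name=name, priority=priority, src=src, dst=dst,
                port=port, access=access, proto=proto)

# Azure's default inbound rules that matter here (AllowAzureLoadBalancerInBound omitted).
DEFAULT_RULES = [
    rule("AllowVnetInBound", 65000, "VirtualNetwork", "VirtualNetwork", "*", "Allow", "*"),
    rule("DenyAllInBound", 65500, "*", "*", "*", "Deny", "*"),
]

def evaluate(rules, src_ip, dst_ip, dst_port, protocol="Tcp"):
    """NSG semantics: try rules in ascending priority number; the first match decides."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if (r["proto"] in ("*", protocol) and prefix_matches(r["src"], src)
                and prefix_matches(r["dst"], dst) and port_matches(r["port"], dst_port)):
            return r["access"], r["name"]

# The page's rule from Step 2.
DENY_5585 = rule("Deny-TCP-5585", 100, "VirtualNetwork", "10.1.2.0/24", "5585", "Deny")
# Added Allow rule (an assumption beyond the page's steps): a lower priority number
# than the deny, so intra-subnet connections to 5585 are matched and allowed first.
ALLOW_INTRA = rule("Allow-Subnet1-2-5585", 90, "10.1.2.0/24", "10.1.2.0/24", "5585", "Allow")

if __name__ == "__main__":
    for label, rules in (("page rule only", [DENY_5585]), ("plus allow", [ALLOW_INTRA, DENY_5585])):
        print(label, evaluate(rules, "10.1.2.6", "10.1.2.5", 5585))  # intra-subnet 5585
```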