articles/virtual-network-manager/how-to-block-high-risk-ports.md
21 lines changed: 0 additions & 21 deletions
@@ -46,8 +46,6 @@ In this section, you deploy a Virtual Network Manager instance with the Security
46
46
47
47
1. On the *Basics* tab, enter or select the information for your organization:
48
48
49
-
:::image type="content" source="media/how-to-block-high-risk-ports/network-manager-basics-thumb.png" alt-text="Screenshot of Create a network manager Basics page." lightbox="media/how-to-block-high-risk-ports/network-manager-basics.png":::
50
-
51
49
| Setting | Value |
52
50
| ------- | ----- |
53
51
| Subscription | Select the subscription you want to deploy Azure Virtual Network Manager to. |
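Review bot: The deletion at old line 49 drops the only reference visible here to `media/how-to-block-high-risk-ports/network-manager-basics-thumb.png` and its lightbox target `network-manager-basics.png`, but this diff touches only the article (0 additions, 21 deletions in the .md). If no other article uses those two files, delete them in the same change so the media folder does not keep orphaned assets. Also check how the settings table at new line 49 renders now that it follows the list item directly: it is not indented under the step, so in some renderers it ends the numbered list and the next step restarts at 1.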
@@ -69,7 +67,6 @@ With your virtual network manager created, you now create a network group contai
69
67
1. On the *Network groups* page, select the network group you created.
70
68
1. Select **Add**, under **Static Membership** to manually add all the VNets.
71
69
1. On the **Add static members** page, select all of the virtual networks you wish to include, and select **Add**.
72
-
:::image type="content" source="media/how-to-block-high-risk-ports/add-members-manual-network-group.png" alt-text="Screenshot of Add Static Members page showing manual selection of virtual networks.":::
73
70
74
71
## Create a security admin configuration for all virtual networks
75
72
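Review bot: With the screenshot at old line 72 removed, the step text at new lines 68-69 is all the reader has, and line 68 has a misplaced comma: "Select **Add**, under **Static Membership** to manually add all the VNets." Suggest "Under **Static Membership**, select **Add** to manually add the virtual networks." Since the removed alt text described "manual selection of virtual networks", it would help to say in the step that static members are chosen by hand, so a virtual network created later is not covered by the deny rule until it is added to the group.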
@@ -78,27 +75,16 @@ It’s time to construct our security admin rules within a configuration in orde
78
75
1. Select **Configurations** under *Settings* and then select **+ Create**.
79
76
1. Select **Security configuration** from the drop-down menu.
80
77
1. On the **Basics** tab, enter a *Name* to identify this security configuration and select **Next: Rule collections**.
81
-
82
-
:::image type="content" source="./media/how-to-block-network-traffic-portal/security-configuration-name.png" alt-text="Screenshot of security configuration name field.":::
83
-
84
78
1. Select **+ Add** from the *Add a security configuration page*.
85
-
86
79
1. Enter a *Name* to identify this rule collection and then select the *Target network groups* you want to apply the set of rules to. The target group is the network group containing all of your virtual networks.
87
80
88
-
:::image type="content" source="./media/how-to-block-network-traffic-portal/rule-collection-target.png" alt-text="Screenshot of rule collection name and target network groups.":::
89
-
90
81
## Add a security rule for denying high-risk network traffic
91
82
92
83
In this section, you define the security rule to block high-risk network traffic to all virtual networks. When assigning priority, keep in mind future exception rules. Set the priority so that exception rules are applied over this rule.
93
84
94
85
1. Select **+ Add** under **Security admin rules**.
95
-
96
-
:::image type="content" source="./media/how-to-block-network-traffic-portal/add-rule-button.png" alt-text="Screenshot of add a rule button.":::
97
-
98
86
1. Enter the information needed to define your security rule, then select **Add** to add the rule to the rule collection.
99
87
100
-
:::image type="content" source="./media/how-to-block-high-risk-ports/add-deny-rule.png" alt-text="Screenshot of add a rule page.":::
101
-
102
88
| Setting | Value |
103
89
| ------- | ----- |
104
90
| Name | Enter a rule name. |
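Review bot: At new line 78 the emphasis is wrong and, with the screenshots around it gone, the wording now has to carry the step alone: "Select **+ Add** from the *Add a security configuration page*." puts "page" inside the italics as if it were part of the page title. Suggest "On the *Add a security configuration* page, select **+ Add**." In the same hunk, the paragraph at new line 83 tells the reader to set the priority "so that exception rules are applied over this rule" without saying which direction that is; now that the `add-deny-rule.png` screenshot of the filled-in form is removed, state explicitly how the priority value should compare with the value planned for exception rules. The deleted images at old lines 82, 88 and 96 pointed into `./media/how-to-block-network-traffic-portal/`, which is another article's folder, so do not delete those files as part of this cleanup without checking that article.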
@@ -119,11 +105,7 @@ In this section, you define the security rule to block high-risk network traffic
119
105
| Destination port | Enter a single port number or a port range such as (1024-65535). When defining more than one port or port ranges, separate them using a comma. To specify any port, enter *. Enter **3389** for this example. |
120
106
121
107
1. Repeat steps 1-3 again if you want to add more rules to the rule collection.
122
-
123
108
1. Once you're satisfied with all the rules you wanted to create, select **Add** to add the rule collection to the security admin configuration.
124
-
125
-
:::image type="content" source="./media/how-to-block-network-traffic-portal/save-rule-collection.png" alt-text="Screenshot of a rule collection.":::
126
-
127
109
1. Then select **Review + Create** and **Create** to complete the security configuration.
128
110
129
111
## Deploy a security admin configuration for blocking network traffic
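Review bot: The step at new line 107, "Repeat steps 1-3 again", no longer matches the list once the blank lines and images are removed. The only steps visible before it in this section are "Select **+ Add** under **Security admin rules**" (line 85) and "Enter the information needed to define your security rule" (line 86), so step 3 is the repeat step itself. Suggest "Repeat steps 1-2 to add more rules to the rule collection", which also drops the redundant "again". Separately, in the Destination port row at line 105, "To specify any port, enter *." leaves a bare asterisk in a table cell; write it as `*` in code formatting or escape it so it cannot be read as emphasis markup.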
@@ -135,9 +117,6 @@ In this section, the rules created take effect when you deploy the security admi
135
117
:::image type="content" source="./media/how-to-block-network-traffic-portal/deploy-configuration.png" alt-text="Screenshot of deploy a configuration button.":::
136
118
137
119
1. Select the **Include security admin in your goal state** checkbox and choose the security configuration you created in the last section from the dropdown menu. Then choose the region(s) you would like to deploy this configuration to.
138
-
139
-
:::image type="content" source="./media/how-to-block-network-traffic-portal/deploy-security-configuration.png" alt-text="Screenshot of deploy a security configuration page.":::
140
-
141
120
1. Select **Next** and **Deploy** to deploy the security admin configuration.
142
121
143
122
## Create a network group for traffic exception rule
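Review bot: The commit removes `deploy-security-configuration.png` at old line 139 but leaves the `deploy-configuration.png` image at new line 117, which is the only screenshot reference still visible in this diff and which still points into `./media/how-to-block-network-traffic-portal/`. If the intent is to drop portal screenshots from this article, remove that one too; if it is kept on purpose, say so in the commit message so the inconsistency is not read as an oversight. The step at line 119 also reads loosely for a setting that decides where the deny rule is enforced: "choose the region(s) you would like to deploy this configuration to" should say that the rule takes effect only in the regions selected, so virtual networks in a region left out stay unprotected.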
0 commit comments