Lock down access to Azure VM to specific IP

We're planning to sign up for the Azure VM trial as soon as it comes out of preview. In the meantime however, can someone please clarify the following?

Currently users can access an Azure VM instance using a Remote Desktop Connection (RDC). Is it possible however to 'lock down' the Azure VM instance so that only a specified IP address can connect via RDC?

This would provide us with some extra security knowing only our fixed office IP could connect to our live data server. Or is there a different approach?

EvilDr asked Nov 05 '12 13:11



1 Answer

The Windows Azure load balancer (through which all traffic is routed) doesn't have any type of IP-whitelist feature. You'd need to implement that in your VM's firewall. If this is a Cloud Service (PaaS), then the firewall rules would be applied to any new instance that's spun up. With IaaS, you'd either apply the rules to each VM or set the rules up initially in a VM that you subsequently use as an image for additional VMs.

EDIT 7/29/2013 This answer is a bit dated. Virtual Machines now have IP-based endpoint ACL allow/deny lists, currently accessible via PowerShell. You can set up separate IP filtering for each endpoint so, in your case, you could lock down the RDP port specifically. See this blog post for more information.

David Makogon answered Sep 19 '22 17:09
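
The guest-firewall approach described in the answer above, as an added example that is not part of the original answer: it narrows every enabled inbound allow rule for the RDP port in the VM's Windows Firewall to a single source address and prints the resulting filter for review. It assumes the NetSecurity module (Windows Server 2012 or later) and an elevated session; `203.0.113.10` is a constructed placeholder for the fixed office IP.

```powershell
# Added example: restrict inbound RDP in the guest Windows Firewall to one source IP.
# Run elevated, ideally from the allowed address: an RDP session coming from any
# other address is cut off as soon as the rules change.
param(
    [string]$AllowedAddress = '203.0.113.10',   # constructed placeholder, replace with the office IP
    [int]$RdpPort = 3389                        # default RDP port inside the guest
)

# Refuse anything that is not a literal IP address before touching the firewall.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($AllowedAddress, [ref]$parsed)) {
    throw "Not a valid IP address: $AllowedAddress"
}

# Select enabled inbound allow rules that name the RDP port explicitly.
# Matching on the port filter avoids depending on localized rule or group names.
# Rules with LocalPort 'Any' are not matched here and should be reviewed separately.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -in 'TCP', 'UDP') -and ($pf.LocalPort -contains "$RdpPort")
    }

if (-not $rdpRules) {
    throw "No enabled inbound allow rule for port $RdpPort was found; nothing changed."
}

# Replace the remote address scope (normally 'Any') with the single allowed address.
$rdpRules | Set-NetFirewallRule -RemoteAddress $parsed.IPAddressToString

# Read the rules back from the firewall and show the scope that is now in effect.
$rdpRules | ForEach-Object {
    $filter = Get-NetFirewallRule -Name $_.Name | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        RemoteAddress = $filter.RemoteAddress -join ','
    }
}
```

As the answer notes for IaaS, the change has to be applied on each VM, or made once in a VM that is then captured as the image for additional VMs.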