How to Disable Outbound Internet from a VM?

In this post we can see how to disable Outbound Internet Connectivity from a VM.

• Outbound Connections are Originated From the system

Step1 : Create an NSG (Network Security Group)

Step 2: Disable Internet

Go to the Outbound Security Rules.  By default there will be 3 rules which enables Internet. 

We need to create a new rule with Lower Priority Number so it will be picked first.

Click the Add Rule button.  Make the following changes.

Save changes.

Step 3: Associate NSG with VM

Now go to the VM > Change the NSG to the new one.

Step 4: Test Connectivity

Restart the VM > Go to RDP > Open Internet Explorer > Try www.bing.com

You should not get the page displayed.  It ensures Internet Connectivity is disabled now.

Network Security Group (NSG)

NSG protects Azure resources from Unauthorized Access.  In this post we can see the Features of Azure NSGs.

Capabilities

You can restrict Database Servers are only accessed from Application Servers thus protecting Legacy business data.

Rules can be configured to Allow access.

Rules can be configured to Deny access.

Restrictions can be set based on VNET

Flexibility

NSG offers the following flexibilities:

• Automatically created along with Azure Resources
• Inbound & Outbound rules are automatically created
• eg: Port 3359 Allow Rune for VM
• Reusability possible with multiple Azure Resources
• Create an NSG for VM and reuse across multiple VMs
• Tagging based restriction possible
• eg: VirtualMachine, AppService etc.

Example

Create a VM > Observe NSG automatically created.

Try accessing the VM from Windows RDP. You should be able to login.

Delete the rule 3359.  Wait for 1 minute for the NSG rule to be reflected. Try login again.  You should be denied.

Note

Inbound Rules restricts Incoming Traffic requests to the device.

Outbound Rules restricts Outgoing Traffic requests from the device.

Summary

In this post we have explored the features of NSGs and performed a Test experiment.