Restrict Azure connections to a specific virtual subnet

Q. Is it possible to restrict users connecting via site-to-site or point-to-site to a specific virtual subnet in a virtual network?

A. There is no capability to designate a particular virtual subnet as the only permitted target for connections that originate from site-to-site or point-to-site sources. However, you can use Network Security Groups (NSGs), which I described at http://windowsitpro.com/azure/network-security-groups-defined. With NSGs you can create rules between virtual subnets, and even for specific hosts, to control traffic flow; those rules could technically block traffic based on the source IP address range used on-premises or the point-to-site address pool.
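
One way to apply the NSG approach described above, as an added example that is not from the original article: a deny-by-source NSG is attached to every subnet except the one VPN users should reach. It assumes the Az PowerShell module and an authenticated session; the resource group, virtual network, subnet names and address ranges are constructed placeholders.

```powershell
# Added example. All names and address ranges are placeholders (assumptions).
$rg       = 'rg-example'
$vnetName = 'vnet-example'
$allowed  = 'subnet-apps'        # the only subnet VPN-side users may reach
$vpnSources = @(
    '172.16.201.0/24',           # point-to-site client address pool
    '192.168.0.0/16'             # on-premises range behind the site-to-site link
)

$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName

# One inbound deny rule per VPN-side source range. Custom rules use
# priorities 100-4096 and are evaluated before the default rules
# (65000 and up), so the deny is matched ahead of AllowVnetInBound.
$priority = 100
$rules = foreach ($src in $vpnSources) {
    New-AzNetworkSecurityRuleConfig -Name "Deny-VPN-Source-$priority" `
        -Description "Block traffic from VPN-side range $src" `
        -Access Deny -Direction Inbound -Protocol '*' -Priority $priority `
        -SourceAddressPrefix $src -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'
    $priority += 10
}

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg `
    -Location $vnet.Location -Name 'nsg-deny-vpn-sources' `
    -SecurityRules $rules

# Attach the NSG to every subnet except the allowed one and the gateway
# subnet. Note: this replaces any NSG already associated with a subnet.
foreach ($subnet in $vnet.Subnets) {
    if ($subnet.Name -in @($allowed, 'GatewaySubnet')) { continue }
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet `
        -Name $subnet.Name -AddressPrefix $subnet.AddressPrefix `
        -NetworkSecurityGroup $nsg | Out-Null
}

# Commit the updated subnet associations to Azure.
$vnet | Set-AzVirtualNetwork | Out-Null

# Review the result: which subnets now carry the deny NSG.
(Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName).Subnets |
    Select-Object Name, @{ n = 'Nsg'; e = { $_.NetworkSecurityGroup.Id } }
```

Subnets that already have their own NSG should get the deny rules merged into that NSG instead of having the association replaced.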
