How can we improve Azure Networking?

← Networking

Ability to create source/destination objects containing multiple IP addresses/ranges

When creating NSGs it would be nice to be able to define network object groups that contain a list of IP addresses or ranges which can then be applied to the source or destination addresses of the NSG. If I only want to allow services to a specific set of IPs I have to create a rule for each distinct IP address. Even having the ability to add multiple IPs or IP ranges would work for source/destination but objects would be better so they can be used across multiple rules.

159 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Greg M shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

3 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Alexei Andreyev commented  ·   ·  Flag as inappropriate

    How feasible would it be to use VM compute metadata to reference specific tags in NSG rules? AWS has something like this and it would be great to be able to manage NSG source/destination dynamically using VM metadata or some sort of resource manager group resource. Automatic scaling of server groups would be a lot easier if NSGs could be modified via this route.

  • Alexei Andreyev commented  ·   ·  Flag as inappropriate

    This would be hugely useful in more complex deployments where grouping src/dst addresses and ports into objects is a must-have feature.

Networking: Security (ACLs, Firewalls, Intrusion Detection)

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice