
Updated for NSG-ICMP support

jispar committed Jul 16, 2019
1 parent 9a699d7 commit 1b9bc0cef92ac9efa817b0695d0269b6781951fe
Showing with 1 addition and 1 deletion.
  1. +1 −1 articles/virtual-network/manage-network-security-group.md
@@ -119,7 +119,7 @@ There is a limit to how many rules per network security group can create per Azu
|Source port ranges | Specify a single port, such as 80, a range of ports, such as 1024-65535, or a comma-separated list of single ports and/or port ranges, such as 80, 1024-65535. Enter an asterisk to allow traffic on any port. | The ports and ranges specify which ports traffic is allowed or denied by the rule. There are limits to the number of ports you can specify. See [Azure limits](../azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits) for details. |
|Destination | Select **Any**, **Application security group**, **IP addresses**, or **Virtual Network** for outbound security rules. If you're creating an inbound security rule, the options are the same as options listed for **Source**. | If you select **Application security group** you must then select one or more existing application security groups that exist in the same region as the network interface. Learn how to [create an application security group](#create-an-application-security-group). If you select **Application security group**, then select one existing application security group that exists in the same region as the network interface. If you select **IP addresses**, then specify **Destination IP addresses/CIDR ranges**. Similar to **Source** and **Source IP addresses/CIDR ranges**, you can specify a single, or multiple addresses or ranges, and there are limits to the number you can specify. Selecting **Virtual network**, which is a service tag, means that traffic is allowed to all IP addresses within the address space of the virtual network. If the IP address you specify is assigned to an Azure virtual machine, ensure that you specify the private IP, not the public IP address assigned to the virtual machine. Security rules are processed after Azure translates the public IP address to a private IP address for inbound security rules, and before Azure translates a private IP address to a public IP address for outbound rules. To learn more about public and private IP addresses in Azure, see [IP address types](virtual-network-ip-addresses-overview-arm.md). |
|Destination port ranges | Specify a single value, or comma-separated list of values. | Similar to **Source port ranges**, you can specify a single, or multiple ports and ranges, and there are limits to the number you can specify. |
|Protocol | Select **Any**, **TCP**, or **UDP**. | |
|Protocol | Select **Any**, **TCP**, **UDP** or **ICMP**. | |
|Action | Select **Allow** or **Deny**. | |
|Priority | Enter a value between 100-4096 that is unique for all security rules within the network security group. |Rules are processed in priority order. The lower the number, the higher the priority. It's recommended that you leave a gap between priority numbers when creating rules, such as 100, 200, 300. Leaving gaps makes it easier to add rules in the future that you may need to make higher or lower than existing rules. |
|Name | A unique name for the rule within the network security group. | The name can be up to 80 characters. It must begin with a letter or number, end with a letter, number, or underscore, and may contain only letters, numbers, underscores, periods, or hyphens. |
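
Review bot: The updated Protocol row adds **ICMP** but leaves its details cell empty, while the **Source port ranges** and **Destination port ranges** rows still describe ports as if every selectable protocol had them. ICMP has no ports, so the Protocol row's details column should say what to enter in the two port fields when **ICMP** is selected; otherwise a reader may assume a port value narrows an ICMP rule.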
