Type '/' to Search

»Network Security Groups

You can configure network security group settings to open the virtual firewall between your HVN and your Azure cloud network.

»Overview

A network security group is an entity in Azure that functions as a virtual firewall between your Azure instances. Security groups manage protocol and port permissions for Azure traffic in order to control inbound and outbound traffic. For additional information, refer to the Azure documentation on How network security groups filter network traffic.

To establish communication between your HashiCorp Virtual Network (HVN) and your Azure VNet, you must:

  • Create a security group.
  • Configure ingress (inbound) rules.
  • Configure egress (outbound) rules.

To configure security group rules, you can use either the Azure portal or the Azure Command Line Interface.

Tip: Creating custom security group configurations for your HCP products improves infrastructure security. However, administrative flexibility may reduce over time as you introduce multiple service deployments.

»Update Network Security Groups

  1. Sign in to the HCP Portal and select your organization.
  2. From the sidebar, click HashiCorp Virtual Network
  3. Click on an HVN in the ID column.
  4. From the sidebar, click Peering connections.
  5. Enter your Azure Network security group ID.
  6. Copy the code generated on HCP, then run it in Azure.

»Network Security Group Rules Reference

»Inbound rules

To allow inbound traffic from your HVN, specify the following rules on your Azure VNet:

PriorityNamePortProtocolSourceDestinationAction
400ConsulServerInbound8301AnyHVN-CIDRVirtualNetworkAllow
401ConsulClientInbound8301AnyVirtualNetworkVirtualNetworkAllow

»Outbound rules

PriorityNamePortProtocolSourceDestinationAction
400ConsulServerOutbound8300-8301AnyVirtualNetworkHVN-CIDRAllow
401ConsulClientOutbound8301AnyVirtualNetworkVirtualNetworkAllow
402HTTPOutbound80AnyVirtualNetworkHVN-CIDRAllow
403HTTPSOutbound443AnyVirtualNetworkHVN-CIDRAllow