VMware Networking Community
vSohill
Expert

Security Groups

Hi,

I have 2 security groups, SGAppParent and SGWebParent. In SGAppParent I create the security groups SGApp1, SGApp2; the same under SGWebParent, there are SGWeb1, SGWeb2.

SGApp1 must talk with SGWeb1, and there is no communication between SGApp1 and SGApp2. The same rules apply for the rest: SGWeb2 communicates with SGApp2. No communication between the VMs in their parent group. I set the rules as follows:

| Source | Destination | Service | Action | Applied to |
|---|---|---|---|---|
| External | SGWebParent | http,https | allow | SGwebParent |
| SGApp1 | SGWeb1 | https,https,.. | allow | SGApp1 SGWeb1 |
| SGApp2 | SGWeb2 | https,https | Allow | SGApp1 SGApp2 |
| SGAppParent | any | any | block | SGAppParent |
| SGwebParent | any | any | block | SGWebParent |

Do I need to add more rules to block communications between Web1 and Web2 and between App1 and App2?

Is there a better way?

Thank you


Accepted Solutions
chrisgnoon
Enthusiast

Ensure the default firewall rule is any/any deny.  Then all you need to do is permit the traffic you want to allow.

Therefore this is all that would be needed.

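| Source | Destination | Service | Action | Applied to |
|---|---|---|---|---|
| SGApp1 | SGWeb1 | https,https,.. | allow | SGApp1 SGWeb1 |
| SGApp2 | SGWeb2 | https,https | allow | SGApp1 SGApp2 |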

I assume the red highlighted should read "SGApp2 SGWeb2"

Chris Noon | CCDP | CCNP | VCDX 289
Don't forget to mark as solved if your questions are answered.
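
The default-deny approach from the answer above, as an added example that is not part of the original thread and is not VMware code: a simplified Python model in which a flow must be allowed at both the source and the destination vNIC, and a rule exists only on vNICs covered by its "Applied to". The VM names and the evaluation model are assumptions; only the https service from the posted rules is used.

```python
# Simplified model (an assumption, not vendor code): a flow is checked at the
# source vNIC and the destination vNIC; a vNIC only holds rules whose
# "Applied to" covers one of its groups; the first matching rule wins.
from dataclasses import dataclass

# Constructed inventory: hypothetical VM name -> its security groups.
VMS = {
    "app1-vm": {"SGApp1", "SGAppParent"},
    "app2-vm": {"SGApp2", "SGAppParent"},
    "web1-vm": {"SGWeb1", "SGWebParent"},
    "web2-vm": {"SGWeb2", "SGWebParent"},
}

@dataclass(frozen=True)
class Rule:
    src: str               # group name or "any"
    dst: str               # group name or "any"
    services: frozenset    # service names, or {"any"}
    action: str            # "allow" or "block"
    applied_to: frozenset  # group names, or {"any"} for every vNIC

def rule(src, dst, services, action, applied_to):
    return Rule(src, dst, frozenset(services), action, frozenset(applied_to))

DEFAULT_DENY = rule("any", "any", {"any"}, "block", {"any"})  # last rule, always matches

def _in(group, vm):
    return group == "any" or group in VMS[vm]

def _verdict_at(vnic, src, dst, service, rules):
    for r in rules + [DEFAULT_DENY]:
        scoped = "any" in r.applied_to or bool(r.applied_to & VMS[vnic])
        svc = "any" in r.services or service in r.services
        if scoped and svc and _in(r.src, src) and _in(r.dst, dst):
            return r.action

def flow_allowed(src, dst, service, rules):
    # Egress check on the source vNIC, ingress check on the destination vNIC.
    return all(_verdict_at(v, src, dst, service, rules) == "allow" for v in (src, dst))

FIXED = [  # the two allow rules, with the second "Applied to" corrected
    rule("SGApp1", "SGWeb1", {"https"}, "allow", {"SGApp1", "SGWeb1"}),
    rule("SGApp2", "SGWeb2", {"https"}, "allow", {"SGApp2", "SGWeb2"}),
]
# Second rule as originally posted: "Applied to" lists SGApp1 SGApp2.
AS_POSTED = [
    FIXED[0],
    rule("SGApp2", "SGWeb2", {"https"}, "allow", {"SGApp1", "SGApp2"}),
]
```

With `FIXED`, App1 to App2 and Web1 to Web2 fall through to the default deny without any explicit block rule; with `AS_POSTED`, App2 to Web2 passes at the source vNIC but is dropped at the destination vNIC in this model.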
