Secure access on the Azure storage account using vNet/NSG RRS feed

  • Question

  • I want to enable secure access on the storage account using vNet/NSG.

    I have configured NSG (ie. ef-nsg1), which is configured to allow access only from specific IP (ie. my Laptop). This NSG is associated  to the ef--vNet1 / eg-subnet1.

    When I attached this vNet/subnet to a Virtual Machine or SQL Database, it is working perfectly fine, and access is possible only from my Laptop (ie. IP xxx.xxx.xxx.234)

    Similar I am attaching this vNet to the Storage Account (i.e edwardfstorage)  Once I attach this , I am not able to access the storage account from my laptop, using Azure Storage Explorer.  It gives error, not authorized to access.  But when I additionally add my Laptop IP (ie. IP xxx.xxx.xxx.234) under the Firewall -> Address Range , then only I am able to access Storage Account from Laptop.

    My Objective is to have a single set of Inbound/Out bound rules, configured in an NSG. That NSG to be applied to any of azure services, for allowing restricted access to my Account. Any change in rules, to be done at a central place in NSG, rather than having to put IP ranges  in multiple places , as in case of Storage account.

    Could anyone  what is going wrong when using vNet/NSG for securing access to Storage Account, and allowing restricted access by specifying INbound/Outbound access from a fixed IP ?
    Tuesday, May 22, 2018 1:13 PM

All replies

  • Currently you can apply NSG rules only services deployed into a virtual network, see Virtual network for Azure services to know which services can be deployed into a VNet. You can either allow or deny access to the Storage Account with Azure Storage Firewalls.

    “If this answer was helpful, click “Mark as Answer” or Up-Vote. To provide additional feedback on your forum experience, click here

    • Proposed as answer by vikranth s Tuesday, May 22, 2018 2:29 PM
    Tuesday, May 22, 2018 2:27 PM
  • Checking in to see if the above response helped to answer your query. Let me know if there are still any additional issues I can help with.

    • Edited by vikranth s Wednesday, May 23, 2018 6:33 PM
    Wednesday, May 23, 2018 6:32 PM