»Network Security Groups

You can configure network security group settings to open the virtual firewall between your HVN and your Azure cloud network.

Overview

A network security group is an entity in Azure that functions as a virtual firewall between your Azure instances. Security groups manage protocol and port permissions for Azure traffic in order to control inbound and outbound traffic. For additional information, refer to the Azure documentation on How network security groups filter network traffic.

To establish communication between your HashiCorp Virtual Network (HVN) and your Azure VNet, you must:

Create a security group.
Configure ingress (inbound) rules.
Configure egress (outbound) rules.

To configure security group rules, you can use either the Azure portal or the Azure Command Line Interface.

Tip: Creating custom security group configurations for your HCP products improves infrastructure security. However, administrative flexibility may reduce over time as you introduce multiple service deployments.

Update Network Security Groups

Sign in to the HCP Portal and select your organization.
From the sidebar, click HashiCorp Virtual Network
Click on an HVN in the ID column.
From the sidebar, click Peering connections.
Enter your Azure Network security group ID.
Copy the code generated on HCP, then run it in Azure.

Network Security Group Rules Reference

Inbound rules

To allow inbound traffic from your HVN, specify the following rules on your Azure VNet:

Priority	Name	Port	Protocol	Source	Destination	Action
400	ConsulServerInbound	8301	Any	HVN-CIDR	VirtualNetwork	Allow
401	ConsulClientInbound	8301	Any	VirtualNetwork	VirtualNetwork	Allow

Outbound rules

Priority	Name	Port	Protocol	Source	Destination	Action
400	ConsulServerOutbound	8300-8301	Any	VirtualNetwork	HVN-CIDR	Allow
401	ConsulClientOutbound	8301	Any	VirtualNetwork	VirtualNetwork	Allow
402	HTTPOutbound	80	Any	VirtualNetwork	HVN-CIDR	Allow
403	HTTPSOutbound	443	Any	VirtualNetwork	HVN-CIDR	Allow