With the release of Azure Local 12.2506 Microsoft has opened the public preview of Network Security Groups (NSGs). This long awaited feature provides micro-segmentation support for Azure Local VMs using simple ACLs. NSGs can be applied to vNics or Logical Networks, and can be applied during the creation of the VM before it ever gets powered on.
Each NSG will have a collection of inbound and outbound security rules that should be easily familiar to anyone that has created an ACL before. Consisting of Source and destination IPs, ports, and protocols. Each rule is processed in order of the set priority.
Built on the new role-based Network Controller platform, it is simpler to deploy and more efficient with resources than the old VM based Network Controller architecture. All filtering is done on the virtual switch at the virtual port level, allowing filtering on Layer 2 networks without having to send traffic through a Layer 3 firewall.
Watch the video to see a full demo on how to deploy and setup an NSG to filter traffic on your Azure Local cluster.