Cisco Catalyst SD-WAN Onboarding Guide, Releases 26.x and Later

PDF

Configure the Network Security Group

Want to summarize with AI?

Log in

Provides instructions for configuring an NSG in Azure, including adding inbound security rules for controller connectivity and access, specifying rule parameters, and verifying VM connectivity and deployment.


This procedure describes how to configure the NSG in Azure.

Note

For more information about tasks in Azure, see the Azure documentation.

Before you begin

The NSG is a functionally related to firewall policy. When configuring the NSG, it is helpful to be aware of firewall port configuration in Cisco Catalyst SD-WAN. For more information on firewall ports, see Firewall Ports for Cisco SD-WAN Deployments.

Follow the steps to configure the NSG.

Procedure

1.

Using the Azure portal, add inbound security rules to the NSG created in an earlier task. This allows inbound traffic from the IP ranges for:

  • Establishing control connections between each of the SD-WAN Control Components. If the components lack connectivity to each other, the control plane and data plane cannot operate.

  • Accessing the controllers using HTTPS or SSH protocols.

For the NSG, use the option to add inbound security rules. These rules must allow all the controller VM IP addresses, to enable the required connectivity between the SD-WAN Control Components.

When creating a new inbound security rule, ensure that you complete the following actions:

  • Specify IP ranges, protocol, and so on.

  • For the action of the rule, choose the option to allow the traffic.

2.

To verify connectivity, log in to the VM using the primary network interface with the public IP of SD-WAN Manager.

What to do next

Verify the deployment of SD-WAN Control Components in Azure.