Azure Network Interface Effective Rules


We are looking for an automated way to identify which are the Effective Security Rules that are applied to a Network Interface (NIC). We are aware that we can achieve this using a REST API call: Network Interfaces - List Effective Network Security Groups - REST API

But we have the following concerns about the output/result:

  1. How many Network Security Groups (NSGs) can be attached to a NIC? What is the current limit, or is there no limit at all?
  2. When there are multiple NSGs attached to a NIC and those NSGs have different rules with the same priority, how are they applied? How does Azure merge them?
  3. Is there additional complexity added if a subnet is also linked to them?

There is 1 best solution below


You can't attach multiple NSGs to a NIC. You can attach one NSG to a NIC, and you can also attach one NSG to the subnet. If you attach an NSG in both places, first the subnet NSG handles the traffic, then the NIC NSG. More information: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
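The following is an added example, not part of the answer above and not Microsoft's code. It models inbound evaluation with one NSG on the subnet and one on the NIC: each NSG is evaluated on its own by priority, so rules with the same priority in different NSGs are never merged. The `Rule` fields, rule names and sample rule sets are constructed, and matching is simplified to destination port only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first within one NSG
    access: str     # "Allow" or "Deny"
    port_low: int
    port_high: int

# Constructed sample data. Both NSGs use priority 100 for different rules.
DENY_ALL = Rule("DenyAllInBound", 65500, "Deny", 0, 65535)
SUBNET_NSG = [Rule("AllowHttps", 100, "Allow", 443, 443),
              Rule("AllowSsh", 200, "Allow", 22, 22), DENY_ALL]
NIC_NSG = [Rule("DenySsh", 100, "Deny", 22, 22),
           Rule("AllowWeb", 200, "Allow", 80, 443), DENY_ALL]

def first_match(rules, port):
    """Return the matching rule with the lowest priority number, or None."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.port_low <= port <= rule.port_high:
            return rule
    return None

def evaluate_inbound(subnet_nsg, nic_nsg, port):
    """Evaluate the subnet NSG, then the NIC NSG. Returns (allowed, trace)."""
    trace = []
    for scope, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:   # no NSG associated at this scope
            continue
        rule = first_match(rules, port)
        # Assumption of this model: a packet no rule covers is denied.
        name, access = (rule.name, rule.access) if rule else ("no-match", "Deny")
        trace.append((scope, name, access))
        if access != "Allow":
            return False, trace   # dropped here; later NSG is not consulted
    return True, trace

if __name__ == "__main__":
    for port in (443, 22, 80):
        allowed, trace = evaluate_inbound(SUBNET_NSG, NIC_NSG, port)
        print(port, "allowed" if allowed else "denied", trace)
```

Traffic reaches the VM only when both NSGs allow it, which is why the effective rules returned for a NIC are reported per NSG rather than as one merged list.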