Azure Network Security Group - Multiple source IP addresses

I have an NSG for controlling inbound traffic to my VM. One of the rules controls inbound TCP traffic on port 5061. We only want traffic to come from a specific group of external IP addresses, otherwise the traffic will be dropped.

Is there a way to have a group of IP addresses defined for the source entry of the rule where I can easily modify that list after the rule is created? I thought that Azure IP Groups would be the answer but that is not an option in the drop-down list.

This is a common feature for most firewall appliances I have used.

Thank you.

There is 1 best solution below

Unfortunately, NSGs do not offer this functionality. Although you can specify multiple source (public or private) IP addresses within one NSG rule, you would always have to modify that particular rule when you need to change the list of IP addresses, which makes it a little inconvenient - particularly if you use the same list of IP addresses across multiple NSGs. Services like Azure Firewall do have such functionality and, like you mentioned, 3rd parties offer this as well. But those services come with additional costs.
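
The per-rule editing described in the answer can be scripted: keep one allow-list file, validate it, and push it to the same rule in every NSG with the Azure CLI (`az network nsg rule update`). This is an added example, not part of the original question or answer; the resource group, NSG and rule names, the `rg:nsg` target syntax and the addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed allow-list (RFC 5737 documentation ranges), one entry per line.
SAMPLE_ALLOWLIST='# partners allowed to reach TCP 5061
203.0.113.10
198.51.100.0/24
203.0.113.10     # duplicate, dropped
0.0.0.0/0        # rejected: would admit every source
not-an-ip        # rejected: malformed
'

# Read an allow-list on stdin and print the valid, de-duplicated IPv4
# addresses/CIDRs on one line. Rejected entries are reported on stderr.
load_prefixes() {
  awk '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments and whitespace
    $0 == "" { next }
    {
      n = split($0, p, "/"); len = (n == 2) ? p[2] : 32
      ok = (n <= 2 && p[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && len ~ /^[0-9]+$/)
      if (ok && (len + 0 < 1 || len + 0 > 32)) ok = 0   # /0 is never allowed
      if (ok) { split(p[1], o, "."); for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0 }
      if (!ok) { print "rejected: " $0 > "/dev/stderr"; next }
      if (!seen[$0]++) out = out (out == "" ? "" : " ") $0
    }
    END { print out }'
}

# Print (DRY_RUN=1, the default) or run the update for one NSG rule.
# $1 = resource group, $2 = NSG name, $3 = rule name, $4 = prefixes
update_rule() {
  if [ -z "$4" ]; then
    echo "refusing to update $2/$3 with an empty allow-list" >&2
    return 1
  fi
  # $4 is deliberately unquoted: each validated prefix is its own argument.
  set -- az network nsg rule update --resource-group "$1" --nsg-name "$2" \
    --name "$3" --source-address-prefixes $4
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Apply the allow-list on stdin to rule $1 in every "resource-group:nsg" target.
sync_allowlist() {
  rule=$1; shift
  prefixes=$(load_prefixes) || return 1
  for target in "$@"; do
    update_rule "${target%%:*}" "${target#*:}" "$rule" "$prefixes" || return 1
  done
}

# Dry run against two constructed targets; set DRY_RUN=0 to apply the change.
printf '%s' "$SAMPLE_ALLOWLIST" | sync_allowlist Allow-5061 rg-voice:nsg-vm1 rg-voice:nsg-vm2
```

Keeping the allow-list file in version control gives a reviewable history of who was admitted to port 5061 and when.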