Do I need to open Azure NSG firewall rule and VM firewall rule at the same time


VM1 needs to talk to VM2 on port 4567 (in Azure). Both VMs are on the same subnet. Can I just create an inbound rule on the NSG attached to both VMs that says open port 4567? Will this work?

Or do I also need to log onto both VMs and configure the firewall rules?

What is the proper way to configure this, in terms of best practice?

2

There are 2 best solutions below

0
On BEST ANSWER

Yes, you have to, because the NSG doesn't talk to your VM to alter settings on it. The NSG is an Azure-level firewall.

0
On

There are subnet-level or network-interface-level NSGs in Azure with the ARM model. Usually we just use the subnet-level NSG, which takes effect on all the VMs in the same subnet. If the VMs are in the same subnet, by default the traffic between the VMs can pass through the NSG, as there is an AllowVnetInBound rule.

Windows Firewall is another firewall inside the VMs. You can configure it or not configure it. I suggest configuring it for more security. If you want to open port 4567 so that VM1 can talk to VM2, you only need to open it in the VM firewall rule if you have configured it.

Ref: Azure Network Security Groups (NSG) – Best Practices and Lessons Learned
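
The two layers described in the answers above, modelled as an added example (not code from either answer or from Azure): NSG rules are evaluated in priority order with the default `AllowVnetInBound` and `DenyAllInBound` rules, and the guest firewall is then checked independently. The addresses, rule names other than the two Azure defaults, and the simplifications (the `VirtualNetwork` tag reduced to one VNet range, the guest firewall reduced to default-deny inbound when enabled) are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed sample addressing: one VNet, both VMs in the same subnet.
VNET = ip_network("10.0.0.0/16")
VM1, VM2 = "10.0.0.4", "10.0.0.5"

class Rule(NamedTuple):
    name: str
    priority: int   # NSG: lower number is evaluated first
    source: str     # CIDR, "VirtualNetwork" or "*"
    port: str       # destination port or "*"
    allow: bool

# Inbound default rules of an NSG (the AzureLoadBalancer default is omitted here).
NSG_DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", True),
    Rule("DenyAllInBound", 65500, "*", "*", False),
]

def matches(rule, src, port):
    if rule.port not in ("*", str(port)):
        return False
    if rule.source == "*":
        return True
    # Simplification: the VirtualNetwork tag is treated as this one VNet range.
    net = VNET if rule.source == "VirtualNetwork" else ip_network(rule.source)
    return ip_address(src) in net

def nsg_verdict(custom_rules, src, port):
    """The first matching rule in priority order decides: (allowed, rule name)."""
    for rule in sorted(list(custom_rules) + NSG_DEFAULTS, key=lambda r: r.priority):
        if matches(rule, src, port):
            return rule.allow, rule.name
    return False, "no-match"

def guest_verdict(host_rules, src, port):
    """host_rules=None: guest firewall not in use. Otherwise default-deny inbound."""
    if host_rules is None:
        return True
    return any(r.allow and matches(r, src, port) for r in host_rules)

def reachable(custom_nsg_rules, host_rules, src, port):
    """Traffic must pass the NSG and the guest firewall on the destination VM."""
    return nsg_verdict(custom_nsg_rules, src, port)[0] and guest_verdict(host_rules, src, port)

if __name__ == "__main__":
    host = [Rule("allow-vm1-4567", 0, VM1 + "/32", "4567", True)]
    print(nsg_verdict([], VM1, 4567))      # NSG defaults already allow intra-VNet
    print(reachable([], [], VM1, 4567))    # enabled guest firewall, no rule: blocked
    print(reachable([], host, VM1, 4567))  # both layers allow
```

Scoping the guest rule to VM1's address rather than any source keeps port 4567 closed to other hosts in the VNet that the default NSG rule would otherwise let through.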