Azure 网络观察程序中的有效安全规则视图简介Introduction to Effective security rules view in Azure Network Watcher

网络安全组可以在子网级别或 NIC 级别关联。Network Security groups are associated at a subnet level or at a NIC level. 在子网级别关联时,网络安全组将应用于子网中的所有 VM 实例。When associated at a subnet level, it applies to all the VM instances in the subnet. 有效安全规则视图针对虚拟机返回在 NIC 和子网级别关联的所有已配置 NSG 和规则,以供深入了解配置。Effective security rules view returns all the configured NSGs and rules that are associated at a NIC and subnet level for a virtual machine providing insight into the configuration. 此外,VM 中的每个 NIC 将返回有效的安全规则。In addition, the effective security rules are returned for each of the NICs in a VM. 使用有效安全规则视图,可以评估网络漏洞的 VM,如打开端口。Using Effective security rules view, you can assess a VM for network vulnerabilities such as open ports. 还可以基于已配置安全规则和已批准安全规则之间的比较,验证网络安全组是否按预期方式工作。You can also validate if your Network Security Group is working as expected based on a comparison between the configured and the approved security rules.

更多扩展用例在安全合规性和审核方面。A more extended use case is in security compliance and auditing. 在组织中可以定义一组规范性安全规则作为安全监管模型。You can define a prescriptive set of security rules as a model for security governance in your organization. 通过将规范性规则与网络中每个 VM 的有效规则相比较,可以编程方式实现定期合规性审核。A periodic compliance audit can be implemented in a programmatic way by comparing the prescriptive rules with the effective rules for each of the VMs in your network.

在门户中,会为每个网络接口显示规则,并按入站和出站对规则分组。In the portal rules are displayed for each Network Interface and grouped by inbound vs outbound. 这会提供一个应用于虚拟机的规则的简单视图。This provides a simple view into the rules applied to a virtual machine. 无论哪个标签页,提供的下载按钮均可将所有安全规则轻松地转换为 CSV 文件。A download button is provided to easily download all the security rules no matter the tab into a CSV file.


可以选择规则并打开一个新的边栏选项卡以显示网络安全组以及源和目标前缀。Rules can be selected and a new blade opens up to show the Network Security Group and source and destination prefixes. 从此边栏选项卡可以直接导航到网络安全组资源。From this blade you can navigate directly to the Network Security Group resource.


后续步骤Next steps

还可以通过下面列出的其他方法,使用有效安全组功能:You can also use the Effective Security Groups feature through other methods listed below:

通过访问使用 PowerShell 审核网络安全组设置,了解如何审核网络安全组设置Learn how to audit your Network Security Group settings by visiting Audit Network Security Group settings with PowerShell