How to Create an Azure Virtual Network, Subnets, and Network Security Groups (NSG): A Complete Step-by-Step Guide
Setting up a secure and well-structured network environment is one of the most important tasks for anyone working in cloud engineering. Whether you’re preparing for Azure certifications, building a real-world project, or learning cloud infrastructure design, this guide will walk you through how to create an Azure Virtual Network (VNet), subnets, and Network Security Groups (NSG) using the Azure portal.
In this tutorial, you’ll learn how to structure your network into layers (frontend, backend, and database), apply security controls, and associate NSGs with the appropriate subnets.
1. What Is an Azure Virtual Network (VNet)?
An Azure Virtual Network allows you to securely connect and isolate cloud resources such as virtual machines, databases, and application services.
It works like a traditional on-premises network but offers the flexibility and scalability of cloud computing.
2. Step-by-Step Guide to Creating a Virtual Network in Azure
Step 1: Log in to the Azure Portal
Go to the Azure portal and sign in with your credentials.
Step 2: Search for “Virtual Network”
Use the search bar at the top of the portal to find Virtual Networks.
Step 3: Create a New Virtual Network
- Click Create.
- Under the Basics tab, choose or create a Resource Group.
- Enter a name for your network (e.g., Fintech-Vnet).
- Select your preferred region.
Step 4: Configure Security Features (Optional but Important)
Azure offers several advanced networking security services:
- Virtual Network Encryption
- Azure Bastion
- Azure Firewall
- Azure DDoS Protection
These features may incur additional costs, so enable them based on your project requirements.
Step 5: Configure IP Address Space
- Go to the IP Addresses tab.
- Add an address space such as 192.168.0.0/16.
- Delete the default subnet to create your own structured subnets.
3. Creating Subnets Inside the VNet
Subnets help you separate parts of your application for better organization and security.
Step 6: Create the Frontend Subnet
- Click Add Subnet.
- Name it project-frontend.
- Ensure IPv4 is selected.
- Use the automatically calculated IP range.
Step 7: Create the Backend Subnet
- Repeat the process.
- Name it project-backend.
Step 8: Create the Database Subnet
- Create an additional subnet.
- Name it project-database.
Each subnet will host resources for different layers of your application.
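The subnet layout from Steps 5 to 8 can be checked before anything is deployed. The following is an added example, not part of the original guide: it verifies that each planned subnet sits inside the 192.168.0.0/16 address space, that none overlap, and how many addresses remain assignable once Azure's five reserved addresses per subnet are subtracted. The /24 prefixes are assumed, since the guide uses the portal's automatically calculated ranges.

```python
import ipaddress

AZURE_RESERVED = 5  # addresses Azure holds back in every subnet

# Constructed plan: the /24 prefixes are assumed, the guide gives no values.
PLAN = {
    "project-frontend": "192.168.0.0/24",
    "project-backend": "192.168.1.0/24",
    "project-database": "192.168.2.0/24",
}

def check_plan(vnet_cidr, subnets):
    """Return (errors, usable): plan problems and assignable addresses per subnet."""
    vnet = ipaddress.ip_network(vnet_cidr)
    errors, usable, placed = [], {}, []
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
            continue
        if net.version != vnet.version or not net.subnet_of(vnet):
            errors.append(f"{name}: {net} is outside {vnet}")
        for other_name, other in placed:
            if net.version == other.version and net.overlaps(other):
                errors.append(f"{name}: {net} overlaps {other_name} ({other})")
        placed.append((name, net))
        usable[name] = net.num_addresses - AZURE_RESERVED
    return errors, usable

def next_free(vnet_cidr, subnets, prefixlen=24):
    """First unused block of the given size, for adding a subnet later."""
    taken = [ipaddress.ip_network(c) for c in subnets.values()]
    for cand in ipaddress.ip_network(vnet_cidr).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(t) for t in taken):
            return str(cand)
    return None  # address space exhausted at this size

if __name__ == "__main__":
    print(check_plan("192.168.0.0/16", PLAN))
    print("next free /24:", next_free("192.168.0.0/16", PLAN))
```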
4. Creating Network Security Groups (NSG)
A Network Security Group helps control inbound and outbound traffic to Azure resources.
You will create one NSG for each subnet.
Step 9: Create NSG for the Frontend Layer
- Search for Network Security Group.
- Click Create.
- Select the same resource group used for the VNet.
- Name the NSG NSG-project-frontend.
- Click Review + Create.
Step 10: Create NSG for the Backend Layer
Follow the same procedure and name it NSG-project-backend.
Step 11: Create NSG for the Database Layer
Follow the same procedure and name it NSG-project-database.
5. Associating NSGs with Subnets
This step ensures each layer of your architecture is protected by appropriate security rules.
Step 12: Associate the Frontend NSG
- Open NSG-project-frontend.
- Go to Subnets under Settings.
- Click Associate.
- Select your Virtual Network.
- Choose the project-frontend subnet.
Step 13: Associate the Backend NSG
Repeat the same process for:
- NSG-project-backend → project-backend subnet.
Step 14: Associate the Database NSG
Repeat the same process for:
- NSG-project-database → project-database subnet.
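Because Steps 12 to 14 are repeated by hand, it is easy to skip a subnet or pick the wrong one in the Associate dialog. The following added example (not part of the original guide) audits the associations from JSON shaped like the output of `az network vnet subnet list`; the sample data, subscription ID, and resource group name are constructed placeholders.

```python
import json

# Subnet -> NSG pairs taken from Steps 12-14 of the guide.
EXPECTED = {
    "project-frontend": "NSG-project-frontend",
    "project-backend": "NSG-project-backend",
    "project-database": "NSG-project-database",
}

# Placeholder resource ID prefix; not a real subscription or resource group.
NSG_PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000"
              "/resourceGroups/example-rg/providers/Microsoft.Network"
              "/networkSecurityGroups/")

# Constructed sample: backend points at the wrong NSG, database has none.
SAMPLE = json.dumps([
    {"name": "project-frontend",
     "networkSecurityGroup": {"id": NSG_PREFIX + "NSG-project-frontend"}},
    {"name": "project-backend",
     "networkSecurityGroup": {"id": NSG_PREFIX + "NSG-project-frontend"}},
    {"name": "project-database", "networkSecurityGroup": None},
])

def nsg_name(subnet):
    """Last segment of the associated NSG's resource ID, or None."""
    nsg = subnet.get("networkSecurityGroup") or {}
    return nsg["id"].rstrip("/").rsplit("/", 1)[-1] if nsg.get("id") else None

def audit_associations(subnets_json, expected=EXPECTED):
    """Return (subnet, problem, found_nsg) tuples; an empty list means all tiers match."""
    seen = {s["name"]: s for s in json.loads(subnets_json)}
    findings = []
    for subnet, want in expected.items():
        if subnet not in seen:
            findings.append((subnet, "subnet-missing", None))
            continue
        got = nsg_name(seen[subnet])
        if got is None:
            findings.append((subnet, "no-nsg", None))
        elif got.lower() != want.lower():  # Azure resource names ignore case
            findings.append((subnet, "wrong-nsg", got))
    for name, subnet in seen.items():  # subnets added outside the plan
        if name not in expected and nsg_name(subnet) is None:
            findings.append((name, "unlisted-no-nsg", None))
    return findings

if __name__ == "__main__":
    for finding in audit_associations(SAMPLE):
        print(finding)
```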
6. Final Validation and Deployment
Once everything is configured:
- Review your settings.
- Click Create.
- Wait for deployment to complete.
- Return to the dashboard and search for your newly created Virtual Network to view all subnets and configurations.
Conclusion
By following this guide, you’ve successfully created:
- A well-structured Azure Virtual Network
- Multiple subnets for a layered architecture
- Dedicated Network Security Groups (NSG)
- Proper NSG-to-subnet associations for enhanced security
This setup lays the foundation for deploying secure cloud applications — especially for real-world enterprise environments.
Frequently Asked Questions (FAQ)
1. What is a Virtual Network (VNet) in Azure?
A Virtual Network (VNet) is a logically isolated network environment in Azure that allows cloud resources to communicate securely with each other, the internet, and on-premises networks.
2. Why do I need subnets in a VNet?
Subnets help you divide your network into smaller, manageable sections.
This improves:
- Security
- Resource organization
- Performance
- Traffic control
A common architecture includes frontend, backend, and database subnets.
3. What is a Network Security Group (NSG)?
An NSG is a security component that controls inbound and outbound traffic to Azure resources.
It works like a firewall at the subnet or network interface level.
4. Can I apply an NSG to both a subnet and a virtual machine?
Yes.
NSGs can be associated with:
- Subnets
- Individual network interfaces (NICs)
Azure evaluates all rules applied at both levels.
5. Do VNet encryption, Azure Bastion, or Azure Firewall cost extra?
Yes. These are paid add-on services, and enabling them may increase your Azure bill.
They’re recommended only when needed for advanced security or production workloads.
6. Can I modify subnet IP ranges after creating them?
No. Subnet IP ranges cannot be resized after creation unless:
- You remove all resources in the subnet
- Delete the subnet
- Re-create it with a new range
So plan your IP scheme properly before deployment.
7. How many subnets can a Virtual Network have?
Azure supports many subnets within a VNet, depending on IP space.
You can create as many as you need as long as they fit within the VNet’s address range.
8. What is the recommended naming convention for VNet and NSG?
Use meaningful, structured names like:
- Fintech-Vnet (Virtual Network)
- project-frontend, project-backend, project-database (Subnets)
- NSG-project-frontend (NSG)
This makes your infrastructure easy to manage and scale.
9. Can I add more subnets later?
Yes.
You can return to the VNet at any time to create additional subnets, as long as you still have unused IP space available.
10. What happens if I forget to associate an NSG with a subnet?
Your subnet will still work, but it won’t have custom traffic filtering.
This may expose your resources to unwanted traffic and security risks.
