# 2.2.9 Configure Network Access To see current running VMs: `az vm list` ### Task 1: Access your Web Server 1. Run `az vm list-ip-addresses` to get VM IP address, store the result as a BASH variable: ```azure IPADDRESS="$(az vm list-ip-addresses \ --resource-group "GROUP-NAME" \ --name my-vm \ --query "[].virtualMachine.network.publicIpAddresses[*].ipAddress" \ --output tsv)" ``` 2. Run the following `curl` command to download the homepage: ```bash curl --connect-timeout 5 http://$IPADDRESS ``` After 5 seconds, an error message indicates the VM is not accessible. 3. To see the VM IP address, run: `echo $IPADDRESS`. ### Task 2: List Current Network Security Group Rules 1. Run the following `az network nsg list` command to list network security groups associated with VM: ```azure az network nsg list \ --resource-group "GROUP-NAME" \ --query "[].name" \ --output tsv ``` Every VM on Azure is associated with at least one network security group. Azure creates a group for us called `my-vmNSG`. 2. Run the following `az network nsg rule list` command to list rules associated with `my-vmNSG`: ```azure az network nsg rule list \ --resource-group "GROUP-NAME" \ --nsg-name my-vmNSG ``` This will output a block of JSON text. 3. To make this easier to read, run the following command again but this time using `--query` and `--output` to format a table: ```azure az network nsg rule list \ --resource-group "GROUP-NAME" \ --nsg-name my-vmNSG \ --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \ --output table ``` The default rule, *default-allow-ssh* allows inbound connections on port 22. The rule priority is 1000. Rules are processed in order, with lower numbers being processed first. To connect to our web server, we need to allow inbound connections on port 80. ### Task 3: Create the Network Security Rule 1. Run `az network nsg rule create` to create a rule called *allow-http*: ```azure az network nsg rule create \ --resource-group "GROUP-NAME" \ --nsg-name my-vmNSG \ --name allow-http \ --protocol tcp \ --priority 100 \ --destination-port-range 80 \ --access Allow ``` 2. Verify this by running `az network nsg rule list`: ``` az network nsg rule list \ --resource-group "GROUP-NAME" \ --nsg-name my-vmNSG \ --query '[].{Name:name, Priority:priority, Port:destinationPortRange, Access:access}' \ --output table ``` ### Task 4: Access the Web Server Again 1. Run the same `curl` command again: ```bash curl --connect-timeout 5 http://$IPADDRESS ``` This should now also work in browser. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://contrxl.gitbook.io/contrxl/systems-administration/microsoft/az-900/2.-architecture/2.2-compute-and-networking/2.2.9-configure-network-access.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.