Skip to main content

Why Azure Firewall, ASGs, and NSGs should be part of your security posture

by Jeff Christman
Senior Consultant, Cloud Security

There are a lot of terms when it comes to network security. Business leaders and newcomers often get confused with the many acronyms and security jargon being thrown around. What exactly is the difference between a firewall and a Network Security Group (NSG)? What about an Application Security Group (ASG)?

The safety of your data and the reputation of your organization depends on knowing the differences and focusing on best practices with these technologies.

The main difference between these tools is the placement in your network and where the management is happening. NSGs are typically placed at the network interface and subnet level, whereas firewalls—including the cloud-based Azure Firewall--control traffic coming in and out of the virtual networks (VNets). You can't put Azure Firewall on a network interface.

Think of cloud security like the layers of an onion. Each layer focusing on different issues. Traffic coming in from the internet hits the Azure firewall, then the virtual network NSG, then the subnet NSG, and finally the network interface NSG, each with their own set of rules.

The role Application Security Groups (ASG) play is providing the ability to allow you to group virtual machines and define network security policies based on those groups. You can group virtual machines with a common function and apply a NSG rule to the group rather than have to apply NSG’s individually to each resource.

FREE Membership Required to View Full Content:

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About Jeff Christman

Jeff Christman is a distinguished Navy Veteran boasting more than two decades of expertise in the Information Technology sector. He possesses a specialized focus on cloud migration projects, having contributed his skills to prestigious organizations including Raytheon, AT&T, and NASA. Presently, he holds the position of Senior Cloud Security Consultant at a prominent consulting firm. Beyond his professional endeavors, Jeff is an accomplished author and educator, developing and publishing content and courses for renowned platforms such as,, and

Outside of his professional pursuits, Jeff enjoys engaging in fantasy football, exploring advancements in technology, and playfully teasing his teenage daughters.

More about Jeff Christman