How to open ports to a virtual machine with the Azure portal

You open a port, or create an endpoint, to a virtual machine (VM) in Azure by creating a network filter on a subnet or a VM network interface. You place these filters, which control both inbound and outbound traffic, on a network security group attached to the resource that receives the traffic.

The example in this article demonstrates how to create a network filter that uses the standard TCP port 80 (it's assumed you've already started the appropriate services and opened any OS firewall rules on the VM).

After you've created a VM that's configured to serve web requests on the standard TCP port 80, you can:

  1. Create a network security group.

  2. Create an inbound security rule allowing traffic and assign values to the following settings:

    • Destination port ranges: 80

    • Source port ranges: * (allows any source port)

    • Priority value: Enter a value that is less than 65,500 and higher in priority than the default catch-all deny inbound rule.

  3. Associate the network security group with the VM network interface or subnet.

Although this example uses a simple rule to allow HTTP traffic, you can also use network security groups and rules to create more complex network configurations.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com.

Create a network security group

  1. Search for and select the resource group for the VM, choose Add, then search for and select Network security group.

  2. Select Create.

    The Create network security group window opens.

  3. Enter a name for your network security group.

  4. Select or create a resource group, then select a location.

  5. Select Create to create the network security group.

Create an inbound security rule

  1. Select your new network security group.

  2. Select Inbound security rules from the left menu, then select Add.

  3. In the Add an inbound security rule page, toggle to Advanced from Basic at the top of the page.

  4. Choose a common Service from the drop-down menu, such as HTTP. You can also select Custom if you want to provide a specific port to use.

  5. Optionally, change the Priority or Name. The priority affects the order in which rules are applied: the lower the numerical value, the earlier the rule is applied.

  6. Select Add to create the rule.

Associate your network security group with a subnet

Your final step is to associate your network security group with a subnet or a specific network interface. For this example, we'll associate the network security group with a subnet.

  1. Select Subnets from the left menu, then select Associate.

  2. Select your virtual network, and then select the appropriate subnet.

  3. When you are done, select OK.

Additional information

You can also perform the steps in this article by using Azure PowerShell.
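
The three portal steps in this article (create the group, add the inbound rule, associate the group with a subnet) written with Azure PowerShell, as an added example that is not part of the original article. The resource names, the location, the source address prefix and priority 100 are placeholder assumptions; the script assumes the Az module is installed, you are signed in, and the virtual network and subnet already exist.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the article.
$rgName     = 'myResourceGroup'
$location   = 'eastus'
$nsgName    = 'myNetworkSecurityGroup'
$vnetName   = 'myVnet'
$subnetName = 'mySubnet'

# Inbound rule: TCP, destination port 80, any source port.
# Priority 100 is an assumption; any value below 65500 is evaluated before
# the default DenyAllInBound rule. Source '*' mirrors "Any"; narrow it to
# known client address ranges where the service does not need to be public.
$httpRule = New-AzNetworkSecurityRuleConfig `
    -Name 'Allow-HTTP-Inbound' `
    -Description 'Allow inbound HTTP on TCP 80' `
    -Access Allow -Protocol Tcp -Direction Inbound `
    -Priority 100 `
    -SourceAddressPrefix '*' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 80

# Create the network security group with the rule attached.
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rgName `
    -Location $location -Name $nsgName -SecurityRules $httpRule

# Associate the group with the existing subnet, keeping its address prefix.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Check the result: list custom and default inbound rules in evaluation order
# (lowest priority number first), so the new rule appears above DenyAllInBound.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName
@($nsg.SecurityRules) + @($nsg.DefaultSecurityRules) |
    Where-Object Direction -eq 'Inbound' |
    Sort-Object Priority |
    Format-Table Name, Priority, Access, Protocol, DestinationPortRange
```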

The commands described in this article allow you to quickly get traffic flowing to your VM. Network security groups provide many great features and granularity for controlling access to your resources. For more information, see Filter network traffic with a network security group.

For highly available web applications, consider placing your VMs behind an Azure load balancer. The load balancer distributes traffic to VMs, with a network security group that provides traffic filtering. For more information, see Load balance Windows virtual machines in Azure to create a highly available application.

Next steps

In this article, you created a network security group, created an inbound rule that allows HTTP traffic on port 80, and then associated that rule with a subnet.

You can find information on creating more detailed environments in the following articles: