The NLB itself doesn't have any security group. Instead, you control access using the security groups(s) attached to the EC2 instances. The source IP address is preserved, so you work with security group configuration (and other firewalls so to speak) as if the client had connected directly to your machine. The load balancer is kind of more transparent than in the ELB/ALB case. Refer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html for step-by-step instruction.
AWS Network Load Balancer does not support security groups today. You can use Amazon VPC NACLs, AWS Network Firewall, and/or a marketplace firewall with AWS Gateway Load Balancer to provide various levels of protection for your NLB. You can also use security groups on your targets if client IP preservation is enabled (see more here about when client IP preservation is supported)
Application Load Balancers do support security groups today.
For more information comparing ALB vs NLB, I suggest you check out this page.
NLB will connect to the IP of your machine ( any cloud or on-prem ), you must be using a software/tool like firewall or proxy already in your cloud / on-premise to protect the Virtual machines, you can still continue using that for the machine and in AWS NLB will act as only the load balancer with the provided algorithm/configurations
Health check at NLB level for a Fargate Serviceasked 4 months ago
Source IP using PrivateLink and NLBAccepted AnswerMODERATORasked 3 years ago
Restricting incoming NLB traffic to internal IP addressesAccepted Answerasked 2 years ago
AWS NLB security groupasked 9 months ago
NLB Preserving Client IPAccepted Answerasked 2 years ago
Traffic doesnt flow whe using ALB as a target of NLBasked 7 months ago
Static IP for NLB endpointAccepted Answerasked 2 years ago
Load Balancer [NLB] - Listeners - Inconsistentasked 8 months ago
Internet facing NLBasked 9 months ago
NLB Distribution unevenly with wildfly and pgBouncerasked 7 months ago