Can you add some information around the NSG ruleset? Why does the ruleset have to be as such:
"securityRules": [
{
"name": "unblock_all_tcp_rule",
"properties": {
"description": "unblock_all_tcp_rule",
"protocol": "Tcp",
"sourcePortRange": "0-65535",
"destinationPortRange": "0-65535",
"sourceAddressPrefix": "0.0.0.0/0",
"destinationAddressPrefix": "0.0.0.0/0",
"access": "Allow",
"priority": 123,
"direction": "Inbound"
}
},
{
"name": "unblock_all_tcp_outrule",
"properties": {
"description": "unblock_all_tcp_outrule",
"protocol": "Tcp",
"sourcePortRange": "0-65535",
"destinationPortRange": "0-65535",
"sourceAddressPrefix": "0.0.0.0/0",
"destinationAddressPrefix": "0.0.0.0/0",
"access": "Allow",
"priority": 123,
"direction": "Outbound"
}
},
{
"name": "unblock_all_udp_ports",
"properties": {
"description": "Unblock_all_udp_ports",
"protocol": "Udp",
"sourcePortRange": "0-65535",
"destinationPortRange": "0-65535",
"sourceAddressPrefix": "0.0.0.0/0",
"destinationAddressPrefix": "0.0.0.0/0",
"access": "Allow",
"priority": 125,
"direction": "Inbound"
}
}
When setting those rules to use 'Any', '*' , or even trying to set it to only allow traffic to http/https ports all traffic to the backend web server is blocked. Why is this? I can't find this in Microsoft documentation either but, the only way I've been able to get this solution to work is to keep the ruleset exactly as you have it (noted above).
Please provide some information around why the ruleset must be this way and whether or not we can limit the ports and protocols that are allowed through this NSG.
Documentation link
README.MD
Describe the problem
Can you add some information around the NSG ruleset? Why does the ruleset have to be as such:
When setting those rules to use 'Any', '*' , or even trying to set it to only allow traffic to http/https ports all traffic to the backend web server is blocked. Why is this? I can't find this in Microsoft documentation either but, the only way I've been able to get this solution to work is to keep the ruleset exactly as you have it (noted above).
Suggested fix
Please provide some information around why the ruleset must be this way and whether or not we can limit the ports and protocols that are allowed through this NSG.