Forum Discussion
Mahmoud_Yaseen_AZHero
May 24, 2025 · Copper Contributor
Azure NSG Challenge: When NIC and Subnet Rules Collide
Imagine this real-world scenario: 🔹 A VM needs to connect outbound via RDP (TCP 3389) to an external server for management. 🔹 The NIC-level NSG allows outbound RDP, ensuring the VM can initiate ...
Walli
May 24, 2025 · Copper Contributor
Since the NIC-level NSG explicitly permits outbound RDP, the VM can successfully initiate the session. However, given the inbound deny rule at the subnet level, the return traffic from the external server would be blocked, effectively disrupting the connection. Would you say the subnet-level inbound restriction is primarily intended to mitigate external threats, or is it designed around a specific network segmentation strategy?
- Mahmoud_Yaseen_AZHero · May 27, 2025 · Copper Contributor
An NSG is a stateful firewall that allows the RDP response session. The NSG on the subnet will not interfere with this because it denies inbound traffic if initiated from external networks.
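
The stateful behaviour discussed in this thread, as an added example that is not part of any poster's reply: a simplified Python model of NSG evaluation (ports and direction only) in which an outbound flow record lets the RDP response through while an externally initiated connection still hits the subnet's inbound deny. The rule sets, addresses and the `Vm` class are constructed for illustration, and the subnet NSG is assumed to have no outbound deny for port 3389, since the original post is truncated.

```python
# Simplified model of Azure NSG evaluation (added example; rule sets are assumed).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    direction: str   # "Inbound" or "Outbound"
    port: object     # int or "*"
    action: str      # "Allow" or "Deny"

def nsg_allows(rules, direction, port):
    """First matching rule by ascending priority decides; no match means deny."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.direction == direction and r.port in ("*", port):
            return r.action == "Allow"
    return False

# Constructed rule sets. Assumption: the subnet NSG has no outbound deny for 3389
# (the original post is truncated, so its outbound rules are not visible).
NIC_NSG = [Rule(100, "Outbound", 3389, "Allow"), Rule(65500, "Inbound", "*", "Deny")]
SUBNET_NSG = [Rule(100, "Inbound", "*", "Deny"), Rule(65001, "Outbound", "*", "Allow")]

class Vm:
    def __init__(self, nic_nsg, subnet_nsg):
        self.nic, self.subnet = nic_nsg, subnet_nsg
        self.flows = set()  # flow records: (local_port, remote_ip, remote_port)

    def send(self, local_port, remote_ip, remote_port):
        # Outbound: NIC NSG is evaluated first, then the subnet NSG.
        ok = all(nsg_allows(n, "Outbound", remote_port) for n in (self.nic, self.subnet))
        if ok:
            self.flows.add((local_port, remote_ip, remote_port))
        return ok

    def receive(self, remote_ip, remote_port, local_port):
        # Return traffic of a recorded flow bypasses inbound rule evaluation.
        if (local_port, remote_ip, remote_port) in self.flows:
            return True
        # New inbound connection: subnet NSG first, then NIC NSG.
        return all(nsg_allows(n, "Inbound", local_port) for n in (self.subnet, self.nic))

def demo():
    vm = Vm(NIC_NSG, SUBNET_NSG)
    sent = vm.send(50123, "203.0.113.10", 3389)            # VM opens RDP outbound
    reply = vm.receive("203.0.113.10", 3389, 50123)        # server's response
    unsolicited = vm.receive("203.0.113.10", 40000, 3389)  # external host initiates RDP
    return sent, reply, unsolicited
```

`demo()` returns the outcome of the outbound attempt, the server's reply, and an unsolicited inbound RDP attempt from the same external address.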