Hi experts,
I am playing with the Azure Firewall and I am confused about the order of rule processing. Based on my study, the DNAT rule will be processed first, then the Network rule, then the App rule. I have the priority values set accordingly for these collections too. My scenario is pretty simple: I only have one RCG and there is no parent policy.
So at first, I tested with a Network rule to permit HTTP traffic and an App rule to deny HTTP. The result is still "Permit". It makes sense.
However, now I have a DNAT rule to permit inbound SSH to a VM, and a Network rule to block SSH, and the result is "Deny". I took out the Network rule, and SSH works. Why is it happening? Shouldn't the DNAT rule prevail over the Network rule?
Also, every time I make a rule change, it takes like 3 to 5 minutes to deploy. It is kind of frustrating, especially when studying... Is there any way to speed up the deployment? Is the CLI faster?
Thanks,
Difan
