I have some questions on the NSG outbound rules below and need help:
Priority  Name                   Port  Protocol  Source  Destination  Action
65001     AllowInternetOutBound  Any   Any       Any     Internet     Allow
65500     DenyAllOutBound        Any   Any       Any     Any          Deny
a) 65001 says that if your source is 0.0.0.0/0 and you are sending a communication to the Internet, it should be allowed. Am I correct? The question I have here is: how does the machine decide that the traffic is indeed for the Internet and that this outbound rule has to come into play? My understanding is that it checks the IP and says, "Hey, this does not belong to this subnet, so it should be routed to the Internet."
b) 65500: any port to any port, any source and any destination, is denied.
Why I am asking this question is because:
I created 2 VMs, one in Central US and the other in West US, in different subnets and with the same NSG configuration, with port 80 allowed in the inbound rules. When I run Network Watcher IP flow verify for inbound between VM1 and VM2 on port 80, it is successful, as inbound is allowed.
But if I do an outbound check for source VM1 and source VM2 on port 80, I fail:
Access denied
Security rule
DenyAllOutBound
Question 2: If I have an Azure VM and I need to do a telnet or reach an application on an on-premise VM which is listening on port 80...
Is it that I have to allow port 80 in the outbound rules? What I am finding is that when I do a telnet <onpremiseVMname> 80 from the Azure VM, I am able to connect. That tells me that it is going via the Internet. Am I correct? AllowInternetOutBound is followed in this case.
I am just confused here: if I create 2 VMs in Azure in two different locations and then do an outbound test with Network Watcher IP flow verify on port 80, it fails, but if I do a telnet to my on-premise VM from the Azure VM, it connects to port 80. Why?
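As an added illustration (not from the question or from Azure's own code), here is a small Python model of how NSG outbound rules are evaluated: rules are checked in ascending priority order and the first match decides, which is how 65001 can allow a flow to a public address while 65500 catches everything that matched no earlier rule. The VNet range, the VM addresses and the meaning given to the `Internet` tag are constructed assumptions, not Azure's actual service-tag contents.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: the VM's own VNet range and the RFC 1918 private ranges.
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def matches_tag(tag, addr):
    """Match one IP against an NSG service tag or CIDR.
    Simplified model (an assumption, not Azure's tag definition): 'VirtualNetwork'
    is the VNet's own range and 'Internet' is any non-RFC 1918 address outside it."""
    ip = ipaddress.ip_address(addr)
    if tag == "Any":
        return True
    if tag == "VirtualNetwork":
        return ip in VNET_SPACE
    if tag == "Internet":
        return ip not in VNET_SPACE and not any(ip in net for net in RFC1918)
    return ip in ipaddress.ip_network(tag, strict=False)

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    port: str         # "Any" or one port number as text
    protocol: str     # "Any", "TCP" or "UDP"
    source: str
    destination: str
    action: str       # "Allow" or "Deny"

# The two default outbound rules quoted in the question.
DEFAULT_OUTBOUND = [
    Rule(65001, "AllowInternetOutBound", "Any", "Any", "Any", "Internet", "Allow"),
    Rule(65500, "DenyAllOutBound", "Any", "Any", "Any", "Any", "Deny"),
]

def evaluate(rules, src, dst, port, protocol="TCP"):
    """First match wins, lowest priority number first; returns (action, rule name)."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.port in ("Any", str(port)) and r.protocol in ("Any", protocol)
                and matches_tag(r.source, src) and matches_tag(r.destination, dst)):
            return r.action, r.name
    return "Deny", "<no rule matched>"

if __name__ == "__main__":
    vm1 = "10.0.0.4"  # constructed: VM1's private IP inside VNET_SPACE
    print(evaluate(DEFAULT_OUTBOUND, vm1, "203.0.113.10", 80))  # public address: 65001 allows
    print(evaluate(DEFAULT_OUTBOUND, vm1, "10.1.0.4", 80))      # private IP outside the VNet: 65500 denies
    # An explicit allow with a lower priority number is evaluated before the default deny.
    custom = DEFAULT_OUTBOUND + [Rule(100, "AllowPeerVm80", "80", "TCP", "Any", "10.1.0.4/32", "Allow")]
    print(evaluate(custom, vm1, "10.1.0.4", 80))
```

The returned rule name is the same information IP flow verify reports in its "Security rule" field, so the model can be used to reason about which rule a given flow will hit before running the real check.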
