I have some questions on the below NSG outbound rules and need help
Priority  Name                   Port  Protocol  Source  Destination  Action
65001     AllowInternetOutBound  Any   Any       Any     Internet     Allow
65500     DenyAllOutBound        Any   Any       Any     Any          Deny
a) 65001 says that if your source is 0.0.0.0/0 and is sending a communication to the Internet, it should be allowed. Am I correct? The question I have here is: how does the machine decide that the traffic is indeed for the Internet and that this outbound rule has to come into play? My understanding is that it checks the IP and says "hey, this does not belong to this subnet, so it should be routed to the Internet".
b) 65500: any port to any port, any source and destination, is denied.
Why I am asking this question is because:
I created 2 VMs, one in Central US and the other in West US, in different subnets and with the same NSG configuration, with port 80 being allowed in the inbound rules. When I run Network Watcher IP flow verify for inbound between VM1 and VM2 on port 80, it is successful, as inbound is allowed.
But if I do an outbound check for source VM1 and source VM2 on port 80, it fails.
Question 2: If I have an Azure VM and I need to telnet to or reach an application on an on-premises VM which is listening on port 80...
Do I have to allow port 80 in the outbound rules? What I am finding is that when I do a telnet <onpremiseVMname> 80 from the Azure VM, I am able to connect. That tells me that it is going via the Internet. Am I correct? AllowInternetOutBound is followed in this case.
I am just confused here: if I create 2 VMs in Azure in two different locations and then do an outbound test with Network Watcher IP flow verify on port 80, it fails, but if I do a telnet to my on-premises VM from the Azure VM, it connects to port 80. Why?
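The post's rule table can be reasoned about by simulating how an NSG is evaluated: rules are tried in ascending priority order and the first match wins, and the destination is matched against a service tag's address set rather than against the source subnet. The following is an added illustration written for this thread, not Azure's own code. It models two tags with simplifying assumptions that are labelled in the comments: "VirtualNetwork" is taken as one constructed local VNet prefix, and "Internet" as any address that is neither in that VNet nor in an RFC 1918 private range (the real tags are maintained by Azure and are broader). It also adds the default rule 65000 AllowVnetOutBound, which the post does not list but every NSG carries. Addresses, ports and the custom on-premises prefix are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the local VNet's address space (constructed sample value, not from the post).
LOCAL_VNET = [ipaddress.ip_network("10.0.0.0/16")]

# Simplified service-tag model (assumption): "Internet" = public address space, i.e. anything
# that is neither inside the VNet nor in a private (RFC 1918) range.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in n for n in nets)


def matches_tag(addr, tag):
    """Match an address against a service tag, 'Any', or a CIDR prefix."""
    if tag == "Any":
        return True
    if tag == "VirtualNetwork":
        return in_any(addr, LOCAL_VNET)
    if tag == "Internet":
        return not in_any(addr, LOCAL_VNET) and not in_any(addr, PRIVATE_RANGES)
    # Anything else is treated as an explicit CIDR prefix (e.g. an on-premises range).
    return addr in ipaddress.ip_network(tag)


@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    port: str          # "Any" or a single destination port as a string
    source: str        # service tag, "Any", or CIDR
    destination: str   # service tag, "Any", or CIDR
    action: str        # "Allow" or "Deny"


# The two default outbound rules from the post plus Azure's default 65000 AllowVnetOutBound.
DEFAULT_OUTBOUND = [
    Rule(65000, "AllowVnetOutBound", "Any", "VirtualNetwork", "VirtualNetwork", "Allow"),
    Rule(65001, "AllowInternetOutBound", "Any", "Any", "Internet", "Allow"),
    Rule(65500, "DenyAllOutBound", "Any", "Any", "Any", "Deny"),
]


def evaluate(rules, src, dst, port):
    """Return (action, rule_name) for the first rule, in priority order, that matches the flow."""
    src_addr = ipaddress.ip_address(src)
    dst_addr = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):  # lower number = higher priority
        port_ok = rule.port == "Any" or int(rule.port) == port
        if port_ok and matches_tag(src_addr, rule.source) and matches_tag(dst_addr, rule.destination):
            return rule.action, rule.name
    return "Deny", "(no rule matched)"


if __name__ == "__main__":
    vm1 = "10.0.1.4"                                        # constructed: VM1's private IP
    print(evaluate(DEFAULT_OUTBOUND, vm1, "203.0.113.10", 80))  # public IP -> AllowInternetOutBound
    print(evaluate(DEFAULT_OUTBOUND, vm1, "10.0.2.5", 80))      # same VNet  -> AllowVnetOutBound
    print(evaluate(DEFAULT_OUTBOUND, vm1, "10.1.0.4", 80))      # other VNet's private IP -> DenyAllOutBound
    # A custom rule at a lower priority number is checked before the defaults.
    custom = DEFAULT_OUTBOUND + [Rule(100, "AllowOnPremHttp", "80", "Any", "192.168.10.0/24", "Allow")]
    print(evaluate(custom, vm1, "192.168.10.20", 80))           # -> AllowOnPremHttp
    print(evaluate(custom, vm1, "192.168.10.20", 443))          # -> DenyAllOutBound
```

The point the model makes visible: a public destination is allowed by 65001 without any custom rule, a destination inside the local VNet is allowed by 65000, and a private address that belongs to neither tag (such as another VNet's private IP with no peering, under this model's assumptions) falls through to 65500. When a flow must reach a private range, an explicit rule with a lower priority number and a specific destination prefix and port is the least-privilege way to open it.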