Darren

My feedback

  1. 555 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Darren commented  · 

    This is possible - in the Inbound Rules for the Network Security Group, create duplicates of the default rules for azure firewalls/networks within the user configurable ID range (eg. give duplicate of AllowVnetInbound an ID of 1000, and then a duplicate of
    AllowAzureLoadBalancerInBound an ID of 1002), and then after those, create rule to deny TCP with ID of 1003, another rule to deny UDP of ID 1003, and then a last rule to allow any/any/any in ID 1004. This will block TCP/UDP on any non-specified ports, but ICMP _will_ be allowed as a result of the allow any/any/any rule. Adjust the IDs to suit, but the order is important.

Feedback and Knowledge Base