
  • Question on Azure Network Watcher Connection Troubleshoot port 443, TDNSG1

  • Jay.Tee

    Member
    August 15, 2024 at 6:25 pm

    Hi,

    Happy to say that I passed my final exam with 96% but this question irks me. I realise that the two VMs are in the same VNet and so can communicate unless a NSG specifically blocks them, so it must be the Windows Firewall on TD2 that is only configured to allow ICMP traffic that must be blocking port 443, however… The rules are as follows:

    Priority – Source – Destination – Protocol – Port – Action

    300 – 10.0.1.0/24 – 10.0.2.0/24 – TCP – Any – Allow

    310 – Any – 10.0.2.0/24 – TCP – Any – Deny

    Since TD1 is in Subnet1 which is 10.0.1.0/24 and TD2 is in Subnet2 which is 10.0.2.0/24 and the priority 300 rule allows TCP traffic from Subnet1 to Subnet2, there is no specific way to infer that TDNSG1 is connected to TD2. If it was, HTTPS traffic would pass TCP port 443 from TD1 to TD2 just the same as if it wasn’t connected and the VNet was just passing traffic. Therefore it might be connected or might not be. The question is just a wild guess, and totally unfair.

    Unless I missed something, in which case would someone please enlighten me, as I would like to know what it was if so.

    Thanks!

  • Neil-TutorialsDojo

    Member
    August 19, 2024 at 12:24 pm

    Hello Jay.Tee,

    Good day!

    Congratulations on achieving a remarkable score of 96% on your final exam! We appreciate your detailed feedback and understand the concern regarding the NSG rules and their impact on connectivity.

    You are correct in noting that Rule 300, with a higher priority (lower number), allows TCP traffic from subnet 10.0.1.0/24 (TD1) to subnet 10.0.2.0/24 (TD2). Rule 310, with a lower priority, denies TCP traffic to 10.0.2.0/24. However, since Rule 300 permits this traffic, it should indeed allow TCP traffic, including port 443 (HTTPS), between TD1 and TD2.

    Given the scenario, despite Rule 300 allowing TCP traffic from TD1 to TD2, the connection was still unreachable. This might be due to outbound rules or other factors not provided in the scenario.

    We apologize for any confusion caused by this question. We will review it further to ensure clarity and accuracy. Thank you for your patience and for helping us improve the quality of our content.

    Best regards,
    Neil @ Tutorials Dojo
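To make the two posts above concrete, here is an added example (not code from the forum, the course, or Tutorials Dojo) that models how an NSG evaluates inbound rules: rules are sorted by priority number and the first match decides. It encodes the two rules quoted in the question plus Azure's default AllowVnetInBound (65000) and DenyAllInBound (65500) rules, and then asks whether attaching TDNSG1 changes the outcome for the TD1 to TD2 HTTPS flow at all. The addresses TD1 = 10.0.1.4 and TD2 = 10.0.2.4 and the VNet address space 10.0.0.0/16 (standing in for the VirtualNetwork service tag) are assumptions, not values from the question.

```python
"""Toy model of Azure NSG inbound rule evaluation (constructed example):
rules are checked in ascending priority order and the first match wins."""
from dataclasses import dataclass
import ipaddress
from typing import Optional


@dataclass(frozen=True)
class NsgRule:
    priority: int
    source: str       # CIDR, single address or "Any"
    destination: str  # CIDR, single address or "Any"
    protocol: str     # "TCP", "UDP", "ICMP" or "Any"
    port: str         # destination port: "Any", "443" or a range like "80-443"
    action: str       # "Allow" or "Deny"


def _addr_matches(spec: str, addr: str) -> bool:
    if spec == "Any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: Optional[int]) -> bool:
    if spec == "Any":
        return True
    if port is None:  # port-less protocols such as ICMP only match "Any"
        return False
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _proto_matches(spec: str, protocol: str) -> bool:
    return spec == "Any" or spec.upper() == protocol.upper()


def evaluate(rules, src, dst, protocol, port=None):
    """Return (action, priority) of the first matching rule, lowest number first."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (_addr_matches(rule.source, src) and _addr_matches(rule.destination, dst)
                and _proto_matches(rule.protocol, protocol)
                and _port_matches(rule.port, port)):
            return rule.action, rule.priority
    return "Deny", None  # not reached while DenyAllInBound (65500) is present


def verdict(nsg_rules, src, dst, protocol, port=None):
    """nsg_rules=None models 'no NSG attached': nothing is filtered at this layer."""
    if nsg_rules is None:
        return "Allow", None
    return evaluate(nsg_rules, src, dst, protocol, port)


# Assumed addresses: VNet 10.0.0.0/16 stands in for the VirtualNetwork service tag,
# TD1 lives in Subnet1 (10.0.1.0/24), TD2 in Subnet2 (10.0.2.0/24).
VNET = "10.0.0.0/16"
TD1, TD2 = "10.0.1.4", "10.0.2.4"

TDNSG1 = [
    # the two custom rules quoted in the question
    NsgRule(300, "10.0.1.0/24", "10.0.2.0/24", "TCP", "Any", "Allow"),
    NsgRule(310, "Any", "10.0.2.0/24", "TCP", "Any", "Deny"),
    # Azure default inbound rules (AllowAzureLoadBalancerInBound at 65001 omitted)
    NsgRule(65000, VNET, VNET, "Any", "Any", "Allow"),   # AllowVnetInBound
    NsgRule(65500, "Any", "Any", "Any", "Any", "Deny"),  # DenyAllInBound
]


def nsg_changes_outcome(rules, src, dst, protocol, port=None) -> bool:
    """True when attaching the NSG gives a different verdict than having no NSG."""
    with_nsg = verdict(rules, src, dst, protocol, port)[0]
    without_nsg = verdict(None, src, dst, protocol, port)[0]
    return with_nsg != without_nsg


if __name__ == "__main__":
    cases = [
        ("HTTPS TD1 -> TD2", TD1, TD2, "TCP", 443),
        ("HTTPS from a third subnet -> TD2", "10.0.3.4", TD2, "TCP", 443),
        ("ICMP TD1 -> TD2", TD1, TD2, "ICMP", None),
    ]
    for name, src, dst, proto, port in cases:
        action, prio = evaluate(TDNSG1, src, dst, proto, port)
        changed = nsg_changes_outcome(TDNSG1, src, dst, proto, port)
        print(f"{name}: {action} by rule {prio}; NSG changes outcome: {changed}")
```

Running it shows the point both posts make: the TD1 to TD2 HTTPS flow is allowed by rule 300 whether or not TDNSG1 is attached, so that flow alone cannot tell the two configurations apart. Rule 310 only becomes visible for TCP traffic from sources outside Subnet1 (where it overrides the default AllowVnetInBound rule), and ICMP between the two VMs falls through both custom rules to the 65000 default. In a real troubleshooting session, Network Watcher's IP flow verify reports which rule matched a given flow, which is the fastest way to confirm this rather than guessing.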
