
  • Section Based – Configure and Manage Virtual Network

  • karbabu

    Member
    March 14, 2023 at 11:42 pm

    Your company has an Azure subscription that contains a virtual network with a subnet named TDSub1 and a virtual machine named TD1 that has a public IP address and is configured to allow Remote Desktop connections.

    TDSub1 is the subnet of TD1.

    You created two network security groups named TDSG-TD1 attached to the network interface of TD1 and TDSG-TDSub1 attached to TDSub1.

    TDSG-TDSub1 uses default inbound security rules while TDSG-TD1 has the default inbound security rules with a custom rule:

    • Name: RDP
    • Priority: 100
    • Source: Any
    • Source port range: *
    • Destination: *
    • Destination port range: 3389
    • Protocol: UDP
    • Action: Allow

    You need to ensure that you can connect to TD1 from the internet using Remote Desktop connections.

    Solution: You add an inbound security rule to TDSG-TDSub1 and TDSG-TD1 with the following configuration:

    • Priority: 200
    • Source: Any
    • Source port range: *
    • Destination: *
    • Destination port range: 3389
    • Protocol: Any
    • Action: Allow

    My guess: even though rule 200 at TDSG-TDSub1 allows the traffic, when it comes to the TD1 level rule 100 takes precedence over 200, and rule 100 only allows UDP, which is supposed to be TCP for a successful RDP connection to be established. Please help to clarify.

  • MattTutorialsDojo

    Member
    March 16, 2023 at 4:48 pm

    Hi Karbabu,

    Your guess is right. Since the priority 100 rule uses UDP, the RDP connection will not push through. After processing rule 100, it will then head to the next priority, which is 200. Since rule 200 is RDP using TCP, we will have a successful RDP connection.

    I hope this helps.

    Thank you.

  • A J

    Member
    July 12, 2023 at 9:09 am

    This is confusing. Why should the RDP connection be successful?

    The higher priority (100) is saying to allow UDP only. Should that not be respected and the lower priority (200) be discounted, which allows TCP?

    Another way to look at it is this. First, Subnet level NSG (200) will be evaluated to allow the traffic. But when the traffic gets to the VM, it will not get through the VM NIC as the VM NSG (100) will say: Nope, only UDP is allowed.

    Either way you slice it or dice it, the RDP connection should not be successful.

    Thank you very much,
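    A small model of the evaluation order that Matt's reply describes and that A J questions, added here as an illustration (not code from the original thread or from Tutorials Dojo): rules are processed in ascending priority, the first rule whose protocol, port and source all match decides, and a rule that does not match (here rule 100, UDP, against a TCP flow) is skipped rather than treated as a deny; inbound traffic is checked by the subnet NSG and then the NIC NSG, and both must allow. The Rule and Flow classes, the name "RDP-200" and the "Internet"/"VirtualNetwork" source tags are constructed for the example, and the default rules are abbreviated to the two that matter for traffic from the internet.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    protocol: str          # "TCP", "UDP", "ICMP" or "Any"
    dst_port: str          # a single port as a string, or "*"
    action: str            # "Allow" or "Deny"
    source: str = "Any"    # "Any", "Internet", "VirtualNetwork" (simplified tags)

@dataclass(frozen=True)
class Flow:
    protocol: str          # transport protocol of the packet
    dst_port: int
    source: str            # "Internet" or "VirtualNetwork"

def rule_matches(rule: Rule, flow: Flow) -> bool:
    # A rule only applies when protocol, port and source all match the flow.
    proto_ok = rule.protocol == "Any" or rule.protocol == flow.protocol
    port_ok = rule.dst_port == "*" or int(rule.dst_port) == flow.dst_port
    src_ok = rule.source == "Any" or rule.source == flow.source
    return proto_ok and port_ok and src_ok

def evaluate_nsg(rules, flow: Flow):
    """First matching rule in ascending priority order decides; non-matching rules are skipped."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, flow):
            return rule.action, rule.name
    return "Deny", "implicit"   # never reached while DenyAllInBound is present

def inbound_allowed(subnet_nsg, nic_nsg, flow: Flow):
    """Inbound traffic is checked by the subnet NSG first, then the NIC NSG; both must allow."""
    decisions = [evaluate_nsg(subnet_nsg, flow), evaluate_nsg(nic_nsg, flow)]
    return all(action == "Allow" for action, _ in decisions), decisions

# Default inbound rules, abbreviated to the two that matter for traffic from the internet.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "Any", "*", "Allow", source="VirtualNetwork"),
    Rule("DenyAllInBound", 65500, "Any", "*", "Deny"),
]
RULE_100_UDP = Rule("RDP", 100, "UDP", "3389", "Allow")      # the custom rule on TDSG-TD1
RULE_200_ANY = Rule("RDP-200", 200, "Any", "3389", "Allow")  # the proposed rule (name constructed)

def scenario(with_rule_200: bool):
    """RDP over TCP/3389 from the internet to TD1, with or without rule 200 on both NSGs."""
    extra = [RULE_200_ANY] if with_rule_200 else []
    subnet_nsg = DEFAULTS + extra                  # TDSG-TDSub1
    nic_nsg = [RULE_100_UDP] + DEFAULTS + extra    # TDSG-TD1
    return inbound_allowed(subnet_nsg, nic_nsg, Flow("TCP", 3389, "Internet"))
```

Without rule 200 the TCP flow falls through to DenyAllInBound on both NSGs; with rule 200 it is allowed by rule 200 on both, which is why the UDP-only rule 100 does not block the connection.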
