Section Based – Configure and Manage Virtual Network
-
Your company has an Azure subscription that contains a virtual network with a subnet named TDSub1 and a virtual machine named TD1 with a public IP address that is configured to allow Remote Desktop connections. TDSub1 is the subnet of TD1. You created two network security groups named TDSG-TD1, attached to the network interface of TD1, and TDSG-TDSub1, attached to TDSub1. TDSG-TDSub1 uses the default inbound security rules, while TDSG-TD1 has the default inbound security rules plus a custom rule:
- Name: RDP
- Priority: 100
- Source: Any
- Source port range: *
- Destination: *
- Destination port range: 3389
- Protocol: UDP
- Action: Allow
You need to ensure that you can connect to TD1 from the internet using Remote Desktop connections.
Solution: You add an inbound security rule to TDSG-TDSub1 and TDSG-TD1 with the following configuration:
- Priority: 200
- Source: Any
- Source port range: *
- Destination: *
- Destination port range: 3389
- Protocol: Any
- Action: Allow
My guess is that even though rule 200 at TDSG-TDSub1 allows it, when it comes to the TD1 level, rule 100 takes precedence over 200, and for 100 only UDP is allowed, whereas it is supposed to be TCP for RDP to be established successfully. Please help to clarify.
-
Hi Karbabu,
Your guess is right. Since the priority 100 rule uses UDP, the RDP connection will not push through. After processing rule 100, it will then head to the next priority, which is 200. Since rule 200 is RDP using TCP, we will have a successful RDP connection.
I hope this helps.
Thank you.
-
This is confusing. Why should the RDP connection be successful?
The higher priority (100) is saying to allow UDP only. Should that not be respected and the lower priority (200) be discounted, which allows TCP?
Another way to look at it is this. First, Subnet level NSG (200) will be evaluated to allow the traffic. But when the traffic gets to the VM, it will not get through the VM NIC as the VM NSG (100) will say: Nope, only UDP is allowed.
Either way you slice it or dice it, the RDP connection should not be successful.
Thank you very much,
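Added example, not code from the thread or from Azure: a small Python model of how the two NSGs in the question evaluate an inbound RDP packet. Azure walks NSG rules in ascending priority and applies the first rule whose protocol, ports and source all match, so a rule that does not match (UDP-only rule 100 against TCP 3389) is skipped rather than acting as a deny, and inbound traffic must be allowed by the subnet NSG before the NIC NSG is consulted. The model assumes single destination ports and treats service tags such as VirtualNetwork as plain names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    protocol: str   # "TCP", "UDP" or "Any"
    dst_port: str   # a single port such as "3389", or "*"
    action: str     # "Allow" or "Deny"
    source: str = "Any"  # simplified: "Any" or a service tag name (assumption)

def matches(rule: Rule, protocol: str, dst_port: int, source: str) -> bool:
    # A rule applies only if protocol, destination port and source all match.
    return ((rule.protocol == "Any" or rule.protocol == protocol)
            and (rule.dst_port == "*" or rule.dst_port == str(dst_port))
            and (rule.source == "Any" or rule.source == source))

def evaluate(rules, protocol, dst_port, source="Internet"):
    """Walk rules in ascending priority; the first match decides, later rules are never consulted."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, protocol, dst_port, source):
            return rule.action, rule.name
    return "Deny", "implicit"  # not reached while DenyAllInBound is present

# Azure's default inbound rules (cannot be removed, only overridden by lower-numbered rules)
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Any", "*", "Allow", source="VirtualNetwork"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Any", "*", "Allow", source="AzureLoadBalancer"),
    Rule("DenyAllInBound", 65500, "Any", "*", "Deny"),
]
RDP_UDP_100 = Rule("RDP", 100, "UDP", "3389", "Allow")        # custom rule already on TDSG-TD1
SOLUTION_200 = Rule("RDP-200", 200, "Any", "3389", "Allow")   # rule the proposed solution adds

def inbound_path(subnet_rules, nic_rules, protocol, dst_port, source="Internet"):
    """Inbound traffic is checked by the subnet NSG first, then by the NIC NSG; both must allow."""
    trace = []
    for level, rules in (("TDSG-TDSub1", subnet_rules), ("TDSG-TD1", nic_rules)):
        action, name = evaluate(rules, protocol, dst_port, source)
        trace.append(f"{level}: {action} by {name}")
        if action == "Deny":
            return False, trace
    return True, trace

def with_solution(protocol="TCP"):  # both NSGs get rule 200; NIC NSG also keeps UDP-only rule 100
    return inbound_path(DEFAULT_INBOUND + [SOLUTION_200],
                        DEFAULT_INBOUND + [RDP_UDP_100, SOLUTION_200], protocol, 3389)

def without_solution(protocol="TCP"):  # starting state: subnet NSG defaults only, NIC NSG has rule 100
    return inbound_path(DEFAULT_INBOUND, DEFAULT_INBOUND + [RDP_UDP_100], protocol, 3389)
```

Calling `with_solution("TCP")` returns the allow trace through rule 200 at both levels, while `without_solution("TCP")` is stopped by DenyAllInBound at the subnet before the NIC NSG is ever reached.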