Member, September 22, 2020 at 11:48 pm
Without E, the system will be unable to initiate the connection through the SG to the third-party APIs. Assuming E is in place, the responses from the third-party APIs will come back in on ephemeral ports, so those need to be opened up on the NACL (D).
So the overall flow for the API communication should be:
Outbound API call goes out through the SG (allowed by E), then out through the NACL (allowed by C), and reaches the destination whereupon a response is returned. The response is on an ephemeral port (allowed by D). The SG is stateful so “B” is not needed or desired.
BTW — I’ve passed the sysops exam so this question isn’t really relevant for me any more.
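The flow described in the post above, traced as an added example (not part of the original post). It assumes the API listens on TCP 443, that the ephemeral range opened on the NACL is 1024-65535, and that E, C and D are the SG outbound, NACL outbound and NACL inbound rules the post refers to; the rule model is a simplified allow-list with default deny, not the AWS API.

```python
from dataclasses import dataclass

EPHEMERAL = range(1024, 65536)   # assumed ephemeral port range
API_PORT = range(443, 444)       # assumed third-party API port (HTTPS)

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out", relative to the instance/subnet
    ports: range     # ports the rule allows

def allowed(rules, direction, port):
    """Default deny: traffic passes only if some rule allows it."""
    return any(r.direction == direction and port in r.ports for r in rules)

def trace_api_call(sg_rules, nacl_rules, dst_port=443, src_port=50000):
    """Follow one outbound API call and its response.

    src_port is the ephemeral port the instance used for the connection
    (constructed sample value); the response is addressed to it.
    """
    # Request: instance -> SG outbound -> NACL outbound -> API
    if not allowed(sg_rules, "out", dst_port):
        return "request blocked by SG outbound"
    if not allowed(nacl_rules, "out", dst_port):
        return "request blocked by NACL outbound"
    # Response: API -> NACL inbound. The NACL is stateless, so the
    # return traffic must be allowed explicitly on the ephemeral port.
    if not allowed(nacl_rules, "in", src_port):
        return "response blocked by NACL inbound"
    # The SG is stateful: the reply to a connection it allowed outbound
    # is admitted without consulting any inbound SG rule.
    return "ok"

# Rules named after the answer letters used in the post (assumed meanings).
E = Rule("out", API_PORT)    # SG outbound to the API
C = Rule("out", API_PORT)    # NACL outbound to the API
D = Rule("in", EPHEMERAL)    # NACL inbound on ephemeral ports

if __name__ == "__main__":
    print(trace_api_call([E], [C, D]))   # full rule set, no inbound SG rule
    print(trace_api_call([], [C, D]))    # E missing
    print(trace_api_call([E], [C]))      # D missing
```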