
Reply To: NSG question

  • JR-TutorialsDojo

    Administrator
    July 17, 2025 at 9:40 am

    Hello samabc,

    To clarify, yes, if both TD1 and TD2 are properly configured to allow communication, and TDNSG1 is actively associated with TD2, then rule 300 should allow TCP traffic from TD1 to TD2 over any port, including port 443. That rule explicitly permits traffic from 10.0.1.0/24 to 10.0.2.0/24 using TCP on any port, and it has a higher priority than the deny rule.

    The fact that the Connection Troubleshoot result shows traffic as unreachable does raise a valid question. However, it doesn’t necessarily mean that TDNSG1 is not associated with the network interface of TD2.

    It’s also important to pay close attention to explicit details in the scenario. For example, the statement “TD2 allows ICMP in its inbound Windows firewall” is clearly mentioned, which helps explain why ICMP traffic succeeds. In contrast, there is no mention of port 443 being allowed or selected as one of the inbound ports in the scenario. Even if the NSG permits traffic, the Windows firewall or the application itself must also be configured to accept connections on that port.

    If all configurations are correct and TDNSG1 is associated with TD2, TCP traffic should be allowed as per rule 300. The key takeaway is that NSG rules alone don’t guarantee connectivity; they simply permit it. The actual success of a connection also depends on the destination VM being ready to accept it.

    I hope this provides more clarity. Let us know if you need further assistance.

    Best regards,
    JR @ Tutorials Dojo
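
Added example, not part of the reply above or of the Tutorials Dojo scenario: a small Python model of the layered check the reply describes (NSG rules evaluated in priority order, then the Windows firewall, then a listener on the port). Rule 300 is taken from the thread; the deny rule's priority and scope, the virtual network address space, the VM addresses and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int   # lower number is evaluated first
    action: str     # "Allow" or "Deny"
    proto: str      # "TCP", "ICMP" or "*"
    src: str        # source CIDR
    dst: str        # destination CIDR
    port: str       # destination port or "*"

def nsg_decision(rules, proto, src, dst, port=None):
    """Return (action, priority) of the first rule that matches, in priority order."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.proto in ("*", proto) and r.port in ("*", str(port))
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.action, r.priority
    return "Deny", None

def diagnose(rules, host_fw, listening, proto, src, dst, port=None):
    """Name the first layer that stops the flow, or 'reachable'."""
    action, prio = nsg_decision(rules, proto, src, dst, port)
    if action != "Allow":
        return f"blocked by NSG rule {prio}"
    if (proto, port) not in host_fw:
        return "NSG allows, host firewall blocks"
    if proto == "TCP" and port not in listening:
        return "NSG and host firewall allow, nothing listening"
    return "reachable"

# Constructed sample. Rule 300 is the one quoted in the thread; the deny rule's
# priority and scope (400, TCP 443) and the VM addresses are assumptions.
TDNSG1 = [
    Rule(300, "Allow", "TCP", "10.0.1.0/24", "10.0.2.0/24", "*"),
    Rule(400, "Deny", "TCP", "10.0.1.0/24", "10.0.2.0/24", "443"),
    Rule(65000, "Allow", "*", "10.0.0.0/16", "10.0.0.0/16", "*"),  # AllowVnetInBound
    Rule(65500, "Deny", "*", "0.0.0.0/0", "0.0.0.0/0", "*"),       # DenyAllInBound
]
TD1, TD2 = "10.0.1.4", "10.0.2.4"
TD2_FIREWALL = {("ICMP", None)}   # the scenario only states ICMP is allowed inbound
TD2_LISTENING = set()             # no service on TD2 is mentioned in the scenario

if __name__ == "__main__":
    print("ICMP   :", diagnose(TDNSG1, TD2_FIREWALL, TD2_LISTENING, "ICMP", TD1, TD2))
    print("TCP/443:", diagnose(TDNSG1, TD2_FIREWALL, TD2_LISTENING, "TCP", TD1, TD2, 443))
```

With these inputs the model reports ICMP as reachable and TCP 443 as stopped at the host firewall even though rule 300 wins at the NSG, which is the distinction between "permitted" and "connected" drawn in the reply.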
