-
Hi,
Thank you for your reply. W.r.t. “the only way those rules would be evaluated is if TDNSG1 is indeed associated with TD2’s NIC (or its subnet)” – what has allowed you to conclude that the rules would be evaluated? As per my understanding the network watcher tests would be the same even if TDNSG1 wasn’t attached to TD2?
I’ll outline my thinking, perhaps this will help pinpoint where i’m getting confused:
1. Say TDNSG1 is setup as per question with TCP allowed between TD1 and TD2
2. In my scenario TDNSG1 is NOT explicitly attached to TD2
3. TD2 is not configured to listen to port 443 (as per the suggested root cause of TCP traffic not being reachable)
In the above scenario I think network watcher test for ICMP would still be successful and the test for TCP connectivity would still fail even though TDNSG1 is not associated with TD2 – meaning I am not able to able to determine “TDNSG1 is associated with the network interface of TD2”. Have I misunderstood something / am I overlooking some info in the question?
Thanks!
