Network Security Groups in Azure — The Fundamentals , Which Direction to Apply Rules, What would source and target ports be, Does return reply traffic need to be explicitly permitted(3/3) ?

Default Rules - NSG (Azure)

(does NOT represent ALL VNETS in Azure)

The virtual network address space (all IP address ranges defined for the virtual network) referencing the vnet where this was defined, all connected on-premises address spaces, peered virtual networks, virtual networks connected to a virtual network gateway, the virtual IP address of the host, and address prefixes used on user-defined routes. This tag might also contain default routes.

Note that you cannot remove the default rules, but you can override them by creating rules with higher priorities.

Combination of AllowVNetInBound and AllowVnetOutBound default NSG rules allows any kind of communication to happen within a virtual network(within/across subnets)
Example to Illustrate NSG Fundamentals

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store