Share via

NSG Rule time to be effective

Bart Pasmans 6 Reputation points
2021-10-28T14:09:33.207+00:00

Hi All,

We use the REST API to dynamically add NSG rules to a NSG of a specific VM. I see that the rules are added to the NSG but they are not shown yet in the "effective security rules".

During the time the rules don't show up in the "effective security rules" the traffic is not allowed from the VM to its destination.

I have a gut feeling that the added rules first need evaluation before being 'final' effective. But I cannot find anything on that in the documentation.

When the rule finally pops-up in the effective security rules the network traffic seems to be allowed. Until then -> no luck with the NSG rule.

Anyone else who knows the answer to this question?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,186 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. msrini-MSFT 9,281 Reputation points Microsoft Employee
    2021-11-04T06:52:13.65+00:00

    @Anonymous ,

    When you make a change to the existing NSG rule to block the traffic, the flows which are active will still be running and will not be terminated. Any new flow will hit that rule and that gets blocked. It has nothing to do with the effective Security rules. Also, when you make changes, give it a 30 seconds for the system to populate the change all the way in the stack to get it working.

    Let me know if you have any questions.

    Regards,
    Karthik Srinivas

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.