This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 8%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVG%3C/text%3E%3C/svg%3E)
I need to add inbound and outbound rules to my Bastion NSG, the documentation states that:
"Important:
If you choose to use an NSG with your Azure Bastion resource, you must create all of the following ingress and egress traffic rules. Omitting any of the following rules in your NSG will block your Azure Bastion resource from receiving necessary updates in the future and therefore open up your resource to future security vulnerabilities."
Unfortunately, the service tag GatewayManager' and 'AzureCloud' is not available in the list of service tags, I only have Internet, Virtual Network and AzureLoadBalancer are available.
what should I do, please help ASAP. thank you.
Hello @Vincent Go ,
To allow Ingress Traffic from Azure Bastion control plane: you need to enable port 443 inbound from GatewayManager service tag. It is available in the source service tag as below:
As you don't see any other service tags in the source of your NSG apart from the 3 listed, could you please check if there is any policy restricting the listing of all service tags in your NSG within your subscription?
Regards,
Gita
Hello @Vincent Go , could you please provide an update on this post?
Hello @Vincent Go , do you have any updates on this issue from your end?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
I got the same problem when adding the Ingress Traffic. There is no "GatewayManager" can be chose. How to display the rest of the service tags?
Hello @Kelvin Yam ,
Are you using a Classic Network Security Group?
The classic deployment model supports just those 3 service tags.
If you are not using the classic deployment model and are using the Azure Resource Manager model but still unable to see the whole service tag list, I would request you to try and get the list of service tags using Azure PowerShell or Azure CLI.
Azure PowerShell: https://learn.microsoft.com/en-us/powershell/module/az.network/get-aznetworkservicetag?view=azps-11.0.0
Regards,
Gita
Hi,
The Destination service tag is the one that you need to look for. Destination service tag has gateway manager tag and Azure cloud tag.
Regards,
Karthik Srinivas
Thanks for your information. Unfortunately, there is no gateway manager tag and Azure cloud tag showing. It only shows you the three default tags.