AzureLoadBalancer allow all traffic to vnet

SecGlad 41 Reputation points
2022-12-16T09:29:44.647+00:00

I see many NSGs allowing a rule for the Azure LB:
AzureLoadBalancer -> Any destination -> Any port

Does the Azure LB use a specific service port for the probe, or is it mandatory to allow all ports to all destinations? I am more interested in allowing only ICMP and the service port for the backend servers only.

Another standard default rule which I find annoying is
VirtualNetwork Any ICMP

Why allow ICMP within a VNet?

1 answer

  1. JimmySalian-2011 41,916 Reputation points
    2022-12-16T09:58:29.517+00:00

    Hi,

    Health probes support multiple protocols. The availability of a specific health probe protocol varies by Load Balancer SKU. Additionally, the behavior of the service varies by Load Balancer SKU and by default, every network security group includes the service tag AzureLoadBalancer to permit health probe traffic.

    Check some of the FAQs here and ALB Health probe config.

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.

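As an added example (not code from the question or the answer), here is a Bicep NSG definition that replaces the broad AzureLoadBalancer -> Any -> Any allowance with one scoped to the probe/service port, and overrides the non-deletable default rules with an explicit deny. It assumes the backend service and the load balancer health probe both listen on TCP 443, and that backend traffic comes from inside the VNet (internal load balancer); the resource name, port and API version are constructed values.

```bicep
// Added example: backend NSG that admits load-balancer health probes only on
// the probe/service port instead of "AzureLoadBalancer -> Any -> Any".
// Assumptions (not from the page): probe and service both use TCP 443,
// and client traffic reaches the backend from inside the VNet.
param location string = resourceGroup().location
param servicePort string = '443'

resource backendNsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-backend-example' // constructed name
  location: location
  properties: {
    securityRules: [
      {
        // Health probes arrive with the AzureLoadBalancer service tag as source.
        // Allowing only the probe port keeps the backend marked healthy.
        name: 'AllowAzureLBProbeOnServicePort'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: 'AzureLoadBalancer'
          sourcePortRange: '*'
          destinationAddressPrefix: 'VirtualNetwork'
          destinationPortRange: servicePort
        }
      }
      {
        // Service traffic from the VNet on the same port (internal LB scenario).
        name: 'AllowVnetServicePort'
        properties: {
          priority: 110
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationAddressPrefix: 'VirtualNetwork'
          destinationPortRange: servicePort
        }
      }
      {
        // Default rules AllowVnetInBound (65000) and AllowAzureLoadBalancerInBound
        // (65001) cannot be deleted; this lower-numbered deny overrides them, so
        // ICMP inside the VNet and other LB-tagged ports are no longer open.
        name: 'DenyAllOtherInbound'
        properties: {
          priority: 4096
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: '*'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '*'
        }
      }
    ]
  }
}
```

If the load balancer's health probe is configured on a different port than the service, add that port to the first rule as well, otherwise the probe fails and the instance is removed from rotation.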