Where does Azure Firewall send TCP RST packets during Virtual Machine Scale Set scale in (scale down)?

Question

Currently we have connection losses in our network, these seem to coincide with Azure Firewall VM instance shutdowns. Therefore I better want to understand what happens. In the Load Balancer TCP Reset and Idle Timeout documentation I read that it’s possible to send bidirectional TCP Resets (TCP RST packet) on idle timeout. “When enabled per rule, Load Balancer will send bidirectional TCP Reset (TCP RST packets) to both client and server endpoints at the time of idle timeout for all matching flows.” In the firewall-faq I read that: “An Azure Firewall VM instance shutdown may occur during Virtual Machine Scale Set scale in (scale down) …. After 45 seconds the firewall starts rejecting existing connections by sending TCP RST packets.” Jet not in what direction this RST packet is send. So my question is: Where does Azure Firewall send TCP RST packets during VM instance shutdowns, during Virtual Machine Scale Set scale in (scale down)?

Answer 1

Gun, JP van der (Joost) - Beheer

Thank you for reaching out.

I understand you wish to know where the TCP RST packets are sent when the VMSS scales down and after 45 seconds the firewall starts rejecting existing connections by sending TCP RST packets.

The TCP Reset (TCP RST packets) are sent bidirectional to both client and server endpoints.

Hope this helps! Please let me know if you have any additional questions here. Thank you!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.