Azure Firewall Network Rules

Shola Lawani 531 Reputation points Microsoft Employee

Hello Experts,

Quick question about Azure Firewall network rules...are they stateful?

So if I create a network rule that "Allows" RDP into a VM from an On-prem network, is that rule bi-directional (inboud-outbound)?

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
563 questions
0 comments No comments
{count} votes

1 additional answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 46,931 Reputation points Microsoft Employee

    Hello anonymous user ,

    As mentioned here, you can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections. So yes, Azure Firewall Network rules are stateful which means if you create a network rule that "Allows" RDP into a VM from an On-prem network, you do not have to explicitly create the outbound rule and it will be bidirectional.

    You can also go through the Azure firewall rule processing logic to get a better understanding of how rule collections are processed according to the rule type in priority order.
    Please refer :

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments