Yes, they are stateful. If you create a rule for RDP inbound, you do not need to create any outbound rules.
Azure Firewall Network Rules
Hello Experts,
Quick question about Azure Firewall network rules...are they stateful?
So if I create a network rule that "Allows" RDP into a VM from an On-prem network, is that rule bi-directional (inbound-outbound)?
1 additional answer
GitaraniSharma-MSFT 49,691 Reputation points Microsoft Employee
2020-11-24T14:19:15.197+00:00
Hello anonymous user,
As mentioned here, you can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections. So yes, Azure Firewall Network rules are stateful, which means if you create a network rule that "Allows" RDP into a VM from an On-prem network, you do not have to explicitly create the outbound rule and it will be bidirectional.
You can also go through the Azure firewall rule processing logic to get a better understanding of how rule collections are processed according to the rule type in priority order.
Please refer: https://learn.microsoft.com/en-us/azure/firewall/rule-processing
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
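
What "stateful" means for the RDP rule in the question, as an added example: a simplified connection-tracking model in Python, not Azure Firewall's implementation and not code from this thread. The addresses, the rule name `rdp-in` and the class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "TCP"

@dataclass(frozen=True)
class AllowRule:
    name: str
    source: str       # CIDR the connection must come from
    destination: str  # CIDR the connection must go to
    port: int         # destination port
    proto: str = "TCP"
    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.dport == self.port
                and ip_address(p.src) in ip_network(self.source)
                and ip_address(p.dst) in ip_network(self.destination))

class StatefulFilter:
    """Default-deny filter that remembers flows admitted by an allow rule."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # 5-tuples, stored in the initiator's direction
    def decide(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if forward in self.flows or reverse in self.flows:
            return "allow: established flow"
        for rule in self.rules:
            if rule.matches(p):
                self.flows.add(forward)  # start tracking this connection
                return f"allow: rule {rule.name}"
        return "deny: no rule and no tracked flow"

def demo():
    # Constructed addresses: on-prem 10.10.0.0/16, VM 10.1.0.4.
    fw = StatefulFilter([AllowRule("rdp-in", "10.10.0.0/16", "10.1.0.4/32", 3389)])
    return {
        "rdp_from_onprem": fw.decide(Packet("10.10.5.20", 50111, "10.1.0.4", 3389)),
        "reply_from_vm": fw.decide(Packet("10.1.0.4", 3389, "10.10.5.20", 50111)),
        "new_rdp_from_vm": fw.decide(Packet("10.1.0.4", 50200, "10.10.5.20", 3389)),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the VM's reply is admitted because it belongs to the tracked RDP flow, while a connection the VM itself initiates is a separate flow that is checked against the rules on its own.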