Hi @Zengbo Luo,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
As I understand it, you are trying to block outbound requests to Cosmos DB using a Network Security Group (NSG) rule.
I would like to inform you that the Azure Cosmos DB service tag only covers gateway traffic and does not include physical partition IP ranges. When you added a Network Security Group (NSG) rule to block outbound traffic to Cosmos DB using the service tag, you effectively blocked traffic to the gateway layer.
Please refer to this link https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And if you have any further queries, do let us know.
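One way to check which observed destination IPs a rule on the AzureCosmosDB service tag would actually match, as an added example that is not part of the original answer. It assumes the JSON layout of the downloadable service tag file (`values[].name`, `values[].properties.addressPrefixes`); the function names are hypothetical, and the prefixes and IPs are constructed documentation ranges, not real Cosmos DB addresses.

```python
import ipaddress
import json

# Constructed sample in the assumed shape of the Azure service tag JSON.
# Prefixes are documentation ranges (RFC 5737 / RFC 3849), not real ones.
SAMPLE_SERVICE_TAGS = json.dumps({
    "values": [
        {"name": "AzureCosmosDB",
         "properties": {"addressPrefixes": ["192.0.2.0/26", "2001:db8:1::/48"]}},
        {"name": "Storage",
         "properties": {"addressPrefixes": ["198.51.100.0/24"]}},
    ]
})

# Constructed destinations, e.g. as they might be pulled from NSG flow logs.
SAMPLE_DESTINATIONS = ["192.0.2.10", "203.0.113.77", "2001:db8:1::5", "not-an-ip"]


def load_tag_networks(service_tags_json, tag_name):
    """Return the parsed prefixes of one service tag (case-insensitive name)."""
    doc = json.loads(service_tags_json)
    for entry in doc.get("values", []):
        if entry.get("name", "").lower() == tag_name.lower():
            prefixes = entry.get("properties", {}).get("addressPrefixes", [])
            return [ipaddress.ip_network(p, strict=False) for p in prefixes]
    raise KeyError(f"service tag {tag_name!r} not found")


def classify_destinations(destinations, networks):
    """Map each destination to 'covered', 'not covered' or 'invalid'."""
    result = {}
    for dest in destinations:
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            result[dest] = "invalid"
            continue
        # Only compare against prefixes of the same IP version.
        hit = any(addr.version == net.version and addr in net for net in networks)
        # 'not covered' means a rule scoped to this tag would not match it.
        result[dest] = "covered" if hit else "not covered"
    return result


if __name__ == "__main__":
    nets = load_tag_networks(SAMPLE_SERVICE_TAGS, "AzureCosmosDB")
    for dest, verdict in classify_destinations(SAMPLE_DESTINATIONS, nets).items():
        print(f"{dest:20} {verdict}")
```

Destinations reported as `not covered` fall outside the tag's prefixes, so a rule scoped only to the service tag leaves them unaffected.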