question

barto90 avatar image
1 Vote"
barto90 asked msrini-MSFT answered

NSG Rule time to be effective

Hi All,

We use the REST API to dynamically add NSG rules to a NSG of a specific VM. I see that the rules are added to the NSG but they are not shown yet in the "effective security rules".

During the time the rules don't show up in the "effective security rules" the traffic is not allowed from the VM to its destination.

I have a gut feeling that the added rules first need evaluation before being 'final' effective. But I cannot find anything on that in the documentation.

When the rule finally pops-up in the effective security rules the network traffic seems to be allowed. Until then -> no luck with the NSG rule.

Anyone else who knows the answer to this question?

azure-virtual-network
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@barto90 I will reach out internally for more information regarding this and I will keep you updated with more information. Thank you!

1 Vote 1 ·

1 Answer

msrini-MSFT avatar image
0 Votes"
msrini-MSFT answered

@barto90,

When you make a change to the existing NSG rule to block the traffic, the flows which are active will still be running and will not be terminated. Any new flow will hit that rule and that gets blocked. It has nothing to do with the effective Security rules. Also, when you make changes, give it a 30 seconds for the system to populate the change all the way in the stack to get it working.

Let me know if you have any questions.

Regards,
Karthik Srinivas

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.