Good day all. I seem to be experiencing challenges with Resource Manager Network Security Groups. I've been loosely following this article:
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-dmz-nsg-asm/
I can't seem to get RM_NSGs to consistently function as I expect... which would be to block traffic between two subnets on the same virtual network. Here's a graphic of my config. The RM_NSG named Net_DMZ doesn't have any non-default rules yet. The RM_NSG named Net_int has two custom inbound rules: (100) one for RDP and (110) one to block all traffic from the other subnet (10.2.0.0). I would expect this rule to block all traffic from 10.2.2.10 to 10.1.1.60, but it isn't, as shown by the ping responses received. In the portal I've confirmed that the NSG config has been deployed. The PowerShell command below shows the current config. I don't know if this is a coincidence, but it seems like it may take 30-60 minutes for the NSG changes to actually block as I expect them to, even if the portal confirms the configuration has been saved after 1 minute of making the change to the inbound rule. Is this expected behavior? What am I doing wrong? Can you test yourself and let me know if you're experiencing similar behavior?
Thank you!
Me