Windows Azure: ACLs apply to ALL traffic on the local port

Its not very clear fromt he documentation that adding an ACL also affects internal virtual network communications as well as external endpoint access on the port defined.

For Example:

If you have two machines in different services connected via the same virtual network and are using the internal subnet IP for communication, the ACL will be applied to the traffic on the internal IP aswell as the external IP/Endpoint you apply it to, even if your not accessing the port via the external IP/endpoint.

Therefore, ensure you allow access for your virtual network subnets if you do plan to allow communication internally as this has caught me out on two occasions now.

I’m sure there’s a good reason as to why the ACL is applied to internal traffic too, but given you don’t need an endpoint defined for internal communication and the ACL is applied to the endpoint it is a little confusing.

Note: This also applies to Site-to-Site links (And assume Point-to-Site, although have not tested)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s