应用程序网关和NSG行为 [英] Application Gateway and NSG Behaviour

问题描述

我有一个应用程序网关，后端池中有2个IaaS虚拟机，SSL卸载，一切正常

我偶然将NSG应用到包含后端的子网池服务器和NSG拒绝从虚拟网络到虚拟网络规则。 然而，该网站继续工作，登录到Web服务器后，我仍然可以看到
端口80上的Web请求到达Web服务器，尽管该子网上的虚拟网络已被拒绝。

显然这对我来说是一个错误，但这是我预料会破坏网站的错误。 那么为什么不是我的问题？

后端池成员是否被排除在子网上的NSG规则之外？

解决方案

NSG规则通常应用于子网级别，也可以包括您的后端子网。如果您已经在VM的后端子网或网络接口
上应用了NSG规则，并且您尝试再应用一个NSG规则可能会产生冲突，并且NSG规则可能无法正常工作，并且可能存在通信问题。

I have an application gateway with 2 IaaS VMs in the backend pool, SSL offload and everything working fine

By accident I applied an NSG to the subnet that contained the backend pool servers and in that NSG was a deny any from virtual network to virtual network rule.  Yet the website continued to work, after logging onto the web servers I could still see the web requests on port 80 hitting the web servers despite the deny any from virtual network being in place on that subnet.

Obviously this was a mistake on my part but it was a mistake I expected would then break the website.  So why didn't it is my question?

Are backend pool members somehow excluded from NSG rules on a subnet?

解决方案

NSG rules are usually applied on subnet level which can include your backend subnet as well. If you are already had applied NSG rule on your backend subnet or network interface of VM and you trying to apply one more NSG rules can create a conflict and maybe NSG rules will not work and there could be a problem in communication.

这篇关于应用程序网关和NSG行为的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！