azure-service-fabric azure-nsg

A new Azure network security group not working


I've got an Azure Service Fabric setup and I'd like the back end services to be able to make calls to an external API.

To this end I have created a Network Security Group instance and set the subnet to be that of the backend subnet of the Service Fabric setup. I have then added the external IP as an acceptable outbound rule. Unfortunately the outbound request still seems to be blocked.

As a further test I have also added 3389 as an acceptable inbound rule to allow RDP to the first of the backend servers. While I can RDP to the first server in the scale set, I can still access the other backend services on RDP ports 3390 and 3391.

Is there something else I need to do to apply the NSG?


Solution

  • By default an NSG doesn't block outbound requests, so you would first need to block all outbound requests and then allow your specific ones.

    Not sure about the RDP problem, are you using NATting? Never saw VMSS available on 3390 or 3391? In case you are - you need to apply the NSG to the load balancer's subnet.
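
The outbound behaviour described in the answer, as an added example that is not part of the original post: a small Python model of NSG rule evaluation (first match wins, lowest priority number first) using Azure's three built-in outbound rules. The VNet range, the IP addresses, the custom rule names and the simplified handling of the `VirtualNetwork` and `Internet` tags are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space

@dataclass(frozen=True)
class Rule:
    priority: int   # custom rules use 100-4096; lower number is evaluated first
    name: str
    dest: str       # CIDR, "*", "VirtualNetwork" or "Internet"
    port: str       # single port or "*"
    access: str     # "Allow" or "Deny"

# Built-in outbound rules that exist in every NSG and cannot be deleted.
DEFAULT_OUTBOUND = [
    Rule(65000, "AllowVnetOutBound", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowInternetOutBound", "Internet", "*", "Allow"),
    Rule(65500, "DenyAllOutBound", "*", "*", "Deny"),
]

def _dest_matches(dest, ip):
    addr = ipaddress.ip_address(ip)
    if dest == "*":
        return True
    if dest == "VirtualNetwork":
        return addr in VNET
    if dest == "Internet":
        return addr not in VNET  # simplification of the Internet service tag
    return addr in ipaddress.ip_network(dest)

def evaluate_outbound(custom_rules, ip, port):
    """Return (access, rule_name) for the first rule that matches the flow."""
    for rule in sorted(custom_rules + DEFAULT_OUTBOUND, key=lambda r: r.priority):
        if _dest_matches(rule.dest, ip) and rule.port in ("*", str(port)):
            return rule.access, rule.name
    raise AssertionError("unreachable: DenyAllOutBound matches every flow")

API = "203.0.113.10"    # constructed external API address
OTHER = "198.51.100.7"  # constructed unrelated internet host

# Only an allow rule: every other destination still hits AllowInternetOutBound.
allow_only = [Rule(100, "AllowExternalApi", API + "/32", "443", "Allow")]
# Allow rule plus a custom deny-all placed after it in priority order.
locked_down = allow_only + [Rule(4000, "DenyAllCustomOutBound", "*", "*", "Deny")]

if __name__ == "__main__":
    for label, rules in (("allow_only", allow_only), ("locked_down", locked_down)):
        for ip in (API, OTHER):
            print(label, ip, evaluate_outbound(rules, ip, 443))
```

Because the custom deny rule is evaluated before the built-in rules in the 65000 range, it also matches intra-VNet destinations such as `10.0.1.5` in this model, so traffic between nodes needs its own allow rule ahead of it.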