Skip to content

Avoid denying all inbound traffic#

Operational Excellence · Network Security Group · 2020_06

Avoid denying all inbound traffic.


Network Security Groups can be configured to block all inbound network traffic. Blocking all inbound traffic will fail load balancer health probes and other required traffic.

When using a custom deny all inbound rule, also add rules to allow permitted traffic. To permit network traffic, add a custom allow rule with a lower priority number then the deny all rule. Rules with a lower priority number will be processed first. 100 is the lowest priority number.


Consider using a higher priority number for deny all rules to allow permitted traffic rules to be added.

Last update: 2021-07-25