Are any of those statefull firewalls ? Do we track TCP sessions ? And accept return traffic by default ?
For example inbound security rules in NSG: it looks like returning traffic is accepted by default ? Assuming it's matching corresponding session (so we need to track TCP sessions). Are we statefull then ?