Azure network rules - statefull firewall

Occasional Contributor

Hello Team,


There are so many different types of network rules in Azure. For example those defined for cloud services:


Or network security groups for VM traffic.

Are any of those statefull firewalls ? Do we track TCP sessions ? And accept return traffic by default ?

For example inbound security rules in NSG: it looks like returning traffic is accepted by default ? Assuming it's matching corresponding session (so we need to track TCP sessions). Are we statefull then ?




1 Reply
best response confirmed by Michal Garcarz (Occasional Contributor)

Hi Michal,


Azure NSG rules are statefull, means if you allow inbound traffic the same outbound traffic  allowed