Question: Why allow 80/8080 to everything

[binaryjam]

[Enter feedback here] In the NSG rules you add the DenyAll Inbound to make this strict, so no intercommuncation between anything (4096)

But then add 80/8080 inbound from any to any, so let incoming traffic from anywhere? get to anywhere, now this would only be within the vnet itself, but any and all future subnets could talk port 80/8080 between themselves ?

Why go to the effort of locking down everything then being less specific within that vnet itself ? Why does the example not specifically say this subnet or lists of subnets and also can ASGs be used as the target here ?

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 5205311a-b7b3-935d-1d25-54e397d3dd4c
• Version Independent ID: d560abe8-04ce-4ff9-6473-23c4b679ab22
• Content: Private Application Gateway deployment (preview) - Azure Application Gateway
• Content Source: articles/application-gateway/application-gateway-private-deployment.md
• Service: application-gateway
• GitHub Login: @greg-lindsay
• Microsoft Alias: greglin

[PesalaPavan]

@binaryjam Thanks for your feedback! We will investigate and update as appropriate.

[ManoharLakkoju-MSFT]

Hi @binaryjam I'd recommend working closer with our support team via an Azure support request. Or you can leverage our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.

Teams Q&A forum for technical questions about the configuration and administration of Microsoft Teams on Windows. Microsoft Teams Community forum Thank you for your time and patience throughout this issue.