Score:2

Azure vnet gateway - Block traffic between connected P2S clients (client-to-client)


I have set up an Azure VNet gateway to allow P2S clients to connect to resources within a VNet.

The VNet has address range 10.0.0.0/24, and has two subnets: the GatewaySubnet 10.0.0.0/25 and the WorkloadSubnet 10.0.0.128/25. The P2S address pool is 10.1.0.0/24. We want to allow P2S clients to reach machines in the WorkloadSubnet, which works fine. However, a P2S client at e.g. 10.1.0.12 is allowed to talk to another P2S client at e.g. 10.1.0.13. This is not desirable, and we want to block all traffic between P2S clients.

An NSG is not allowed on the GatewaySubnet, so how can I achieve this?
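The address plan and the segmentation rule described in the question can be modelled as a small audit script. This is an added example, not code from the question or from Azure: it encodes the subnets and the P2S pool exactly as stated above, checks that the plan is internally consistent, and flags client-to-client flows in a constructed flow-log sample. It does not enforce anything in Azure; it only shows how to detect traffic that violates the intended policy, for example when reviewing packet captures or gateway diagnostics.

```python
from __future__ import annotations

import ipaddress

# Address plan as given in the question.
VNET = ipaddress.ip_network("10.0.0.0/24")
GATEWAY_SUBNET = ipaddress.ip_network("10.0.0.0/25")
WORKLOAD_SUBNET = ipaddress.ip_network("10.0.0.128/25")
P2S_POOL = ipaddress.ip_network("10.1.0.0/24")


def plan_is_consistent() -> bool:
    """Sanity-check the plan: both subnets sit inside the VNet and nothing overlaps."""
    inside = GATEWAY_SUBNET.subnet_of(VNET) and WORKLOAD_SUBNET.subnet_of(VNET)
    disjoint = (not GATEWAY_SUBNET.overlaps(WORKLOAD_SUBNET)
                and not P2S_POOL.overlaps(VNET))
    return inside and disjoint


def classify(addr: str) -> str:
    """Name the zone an address belongs to in this plan."""
    ip = ipaddress.ip_address(addr)
    if ip in P2S_POOL:
        return "p2s-client"
    if ip in WORKLOAD_SUBNET:
        return "workload"
    if ip in GATEWAY_SUBNET:
        return "gateway"
    return "other"


def intended_verdict(src: str, dst: str) -> str:
    """The policy the question asks for:
    P2S clients may reach the WorkloadSubnet; any client-to-client flow
    (including a client talking to its own pool address) is denied.
    Flows the question says nothing about are reported as 'unspecified'."""
    s, d = classify(src), classify(dst)
    if s == "p2s-client" and d == "p2s-client":
        return "deny"
    if s == "p2s-client" and d == "workload":
        return "allow"
    return "unspecified"


# Constructed sample flow log (hypothetical format: src,dst,proto,dport).
SAMPLE_LOG = """\
# src,dst,proto,dport
10.1.0.12,10.0.0.200,tcp,443
10.1.0.12,10.1.0.13,tcp,445
10.1.0.13,10.1.0.12,icmp,0
10.0.0.200,10.0.0.201,tcp,22
"""


def violations(log_text: str) -> list[str]:
    """Return the log lines whose flow the intended policy would deny."""
    bad: list[str] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, _proto, _dport = line.split(",")
        if intended_verdict(src, dst) == "deny":
            bad.append(line)
    return bad


if __name__ == "__main__":
    print("plan consistent:", plan_is_consistent())
    print("10.1.0.12 -> 10.1.0.13:", intended_verdict("10.1.0.12", "10.1.0.13"))
    for entry in violations(SAMPLE_LOG):
        print("client-to-client flow:", entry)
```

The verdict function is deliberately narrow: it only decides the two cases the question states, so anything else is reported as unspecified rather than silently allowed or denied.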

Score:0

I have the same question and scenario. Just went down the path of an NSG and realized it doesn't work for the subnet in question. Have you gotten anywhere with this?

This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://serverfault.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://serverfault.com/help/whats-reputation), you can also [add a bounty](https://serverfault.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/537963)