We are developing an application with Service Fabric based on this ARM template https://github.com/Azure/azure-quickstart-templates/tree/master/service-fabric-secure-nsg-cluster-65-node-3-nodetype.
We have two nodetypes: frontend, backend. The idea is to expose the frontend to the internet and the backend nodetype should only be accessible via the frontend nodetype. This is what we built, except we have two nodetypes: https://github.com/Azure/azure-quickstart-templates/blob/master/service-fabric-secure-nsg-cluster-65-node-3-nodetype/NSG1.PNG
We have one Service Fabric VNet, two subnets (frontend and backend), two load balancers (which are accessible from the net) and two network security groups.
We want to access a Service Fabric service in nodetype backend on port X. We access the backend load balancer from a frontend instance. An inbound security rule (backend) is blocking the traffic (prio 4095, "blockall").
If we create a rule to allow port X (source any and destination) it works. But we want to restrict access from outside. We configured the network security group with source Load balancer and destination any, but we still cannot connect from the frontend nodetype. Does anyone else have this problem?
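
The three rule sets described in the post, modeled as an added example (not part of the original question or of the quickstart template): a small first-match NSG evaluator. It relies on Azure's documented behavior that the `AzureLoadBalancer` service tag covers only the health-probe address 168.63.129.16; the port number, the allow-rule names and priorities, and the node addresses are constructed.

```python
import ipaddress

# Per Azure documentation, the AzureLoadBalancer service tag denotes only the
# platform health-probe address, not client traffic forwarded by a load balancer.
SERVICE_TAGS = {"AzureLoadBalancer": ["168.63.129.16/32"]}

def source_matches(rule_source, src_ip):
    """True if src_ip falls inside the rule's source (wildcard, tag, or CIDR)."""
    if rule_source == "*":
        return True
    prefixes = SERVICE_TAGS.get(rule_source, [rule_source])
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first match, lowest priority number first."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["port"] in ("*", dst_port) and source_matches(r["source"], src_ip):
            return r["access"], r["name"]
    # Azure's default rules (65000+) are omitted: blockall at 4095 precedes them.
    return "Deny", "implicit"

PORT_X = 8080  # constructed stand-in for "port X"
BLOCK_ALL = {"name": "blockall", "priority": 4095, "source": "*",
             "port": "*", "access": "Deny"}
ALLOW_ANY = {"name": "allow-x-any", "priority": 1000, "source": "*",
             "port": PORT_X, "access": "Allow"}       # constructed rule
ALLOW_LB = {"name": "allow-x-lb", "priority": 1000, "source": "AzureLoadBalancer",
            "port": PORT_X, "access": "Allow"}        # constructed rule

# Constructed addresses: a frontend node's private IP and a public IP that its
# outbound traffic could be translated to before reaching the backend balancer.
FRONTEND_SOURCES = ["10.0.0.4", "203.0.113.10"]
PROBE = "168.63.129.16"

def outcomes(rules):
    """Evaluate port X for each frontend source address and for the probe."""
    return {src: evaluate(rules, src, PORT_X) for src in FRONTEND_SOURCES + [PROBE]}

if __name__ == "__main__":
    for label, rules in [("blockall only", [BLOCK_ALL]),
                         ("source any", [ALLOW_ANY, BLOCK_ALL]),
                         ("source AzureLoadBalancer", [ALLOW_LB, BLOCK_ALL])]:
        print(label, outcomes(rules))
```

With the `AzureLoadBalancer` source, only the probe address is allowed; both frontend addresses still fall through to `blockall`, which matches the behavior reported in the post.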