When you go to the destination VM in Azure and test the inbound connection under Connection troubleshoot, you will get the error message:
“Network connectivity blocked by security group rule: UserRule_DenyConnectionFromSource”

Reason for this issue

  • Network Security Groups (NSGs) are used in Azure to control inbound and outbound traffic to virtual machines and other resources.
  • A specific deny rule (like UserRule_DenyConnectionFromSource) is configured to block traffic from certain sources, such as a range of IP addresses or specific ports.

This rule might be in place for security reasons, such as:

  • Preventing access from untrusted networks or IP ranges.
  • Blocking specific protocols or ports to reduce attack surfaces.
  • Meeting compliance or security policies.

Steps to resolve the issue

Step 1. Go to Networking and either update the rule or create a new rule with a higher priority, that is, a lower priority number, so that it is evaluated before the deny rule.

Step 2. Go to the source VM and select Connection troubleshoot under Support + Troubleshooting.

Step 3. Click Outbound Connections and provide the IP address of the destination VM.

Step 4. Select the destination port service as HTTP. Then test the connection.

Step 5. Go to the Virtual Network where the destination VM is.

Step 6. In the left panel, click Diagnose and solve problems.

Step 7. Scroll down and select Connectivity.

Step 8. In the dropdown, select Unable to reach a port. Then choose the destination VM and the port you are trying to connect to.

Step 9. Click on the Submit button.

The result shows “Cannot connect to Virtual Machine because of blocked ports”

Step 10. Follow the instructions below the error to resolve the issue.
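
Why the priority number in Step 1 matters, shown as an added example (not code from the original page or from Azure): a small model of NSG first-match evaluation, with a narrowly scoped allow rule placed before and after the deny rule. The rule sets, addresses, priorities and the name AllowHttpFromSourceVm are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int  # lower number = evaluated first
    access: str    # "Allow" or "Deny"
    source: str    # source CIDR prefix, or "*" for any
    port: str      # destination port, or "*" for any

    def matches(self, src_ip: str, dst_port: int) -> bool:
        src_ok = self.source == "*" or (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source))
        return src_ok and self.port in ("*", str(dst_port))

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) for the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src_ip, dst_port):
            return rule.access, rule.name
    return "Deny", "no matching rule"

# Constructed inbound rule sets. DenyAllInBound (65500) is Azure's default
# inbound deny; the other priorities, the allow rule name and all addresses
# are assumptions made for this example.
DEFAULT_DENY = Rule("DenyAllInBound", 65500, "Deny", "*", "*")
BLOCKING = Rule("DenyConnectionFromSource", 200, "Deny", "10.1.0.0/16", "*")
NSG_BEFORE = [BLOCKING, DEFAULT_DENY]
# Fix: allow only the source VM to port 80, numbered below the deny rule.
NSG_AFTER = NSG_BEFORE + [
    Rule("AllowHttpFromSourceVm", 150, "Allow", "10.1.0.4/32", "80")]
# Ineffective fix: same rule numbered above the deny rule, never reached.
NSG_WRONG = NSG_BEFORE + [
    Rule("AllowHttpFromSourceVm", 300, "Allow", "10.1.0.4/32", "80")]

if __name__ == "__main__":
    for label, nsg in [("before", NSG_BEFORE), ("after", NSG_AFTER),
                       ("wrong priority", NSG_WRONG)]:
        print(label, evaluate(nsg, "10.1.0.4", 80))
    # Other hosts and ports in the denied range stay blocked after the fix.
    print(evaluate(NSG_AFTER, "10.1.0.9", 80), evaluate(NSG_AFTER, "10.1.0.4", 22))
```

Scoping the allow rule to a single source address and port keeps the deny rule effective for every other flow it was written to block.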

Our team of experts are here to help you with these issues.