Skip to content

Commit 02d8829

Browse files
ktoliverktoliver
authored
Merge pull request #72562 from anharazi/patch-2
Update application security group restrictions
2 parents 19efa1d + 12fc4d5 commit 02d8829

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/virtual-network/application-security-groups.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ The rules that specify an application security group as the source or destinatio
5252
Application security groups have the following constraints:
5353

5454
- There are limits to the number of application security groups you can have in a subscription, as well as other limits related to application security groups. For details, see [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits).
55-
- You can specify one application security group as the source and destination in a security rule. You cannot specify multiple application security groups in the source or destination.
55+
- In the Azure portal, you can specify only one application security group as the source and destination in a security rule. In the REST API (including PowerShell/Azure CLI), you can specify multiple application security groups in the source or destination.
5656
- All network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in. For example, if the first network interface assigned to an application security group named *AsgWeb* is in the virtual network named *VNet1*, then all subsequent network interfaces assigned to *ASGWeb* must exist in *VNet1*. You cannot add network interfaces from different virtual networks to the same application security group.
5757
- If you specify an application security group as the source and destination in a security rule, the network interfaces in both application security groups must exist in the same virtual network. For example, if *AsgLogic* contained network interfaces from *VNet1*, and *AsgDb* contained network interfaces from *VNet2*, you could not assign *AsgLogic* as the source and *AsgDb* as the destination in a rule. All network interfaces for both the source and destination application security groups need to exist in the same virtual network.
5858

0 commit comments

Comments
 (0)