I'm trying to add an allow rule for management into my ACL. I have a Deny All inbound at the bottom of the ACL and the allow management at the top. Yet I cannot SSH into Virtual Machines in the Subnet. If I change the Deny All Inbound to Allow or just remove it everything works.
My understanding is that if I have an allow-all from x.x.x.x/32 at rule number 1 it would supersede any deny rules. Is that not correct? Here's my acl exported 6b7f371d-3dc4-469e-b5cf-6b74c1762195 all Ingress Active x.x.x.x/32 2d3758c6-2b98-433b-b507-c038ad03f33b test-acl-1 1 Allow TRUE SYSTEM: MANAGEMENT INBOUND 5baa2be8-39d1-4c6f-b2ee-e42b69f52242 icmp Ingress Active 0.0.0.0/0 2d3758c6-2b98-433b-b507-c038ad03f33b test-acl-1 10998 Deny TRUE Deny All ICMP Inbound 90801df9-3dcc-4406-8cf6-2923b70ce46a all Ingress Active 0.0.0.0/0 2d3758c6-2b98-433b-b507-c038ad03f33b test-acl-1 11000 Deny TRUE Deny All Inbound
