Firewall rule behavior varies with different Security Groups.
| Enable User Identity Security Group (RDSH Section) | Identity Security Group (RDSH Section) | Any Security Group (Non-RDSH Section) |
|---|---|---|
| Source - SID based rules are preemptively pushed to hypervisor. Rule enforcement is on the first packet. | Source - IP based rules | Source - IP based rules |
| Destination - IP based rules | Destination - IP based rules | Destination - IP based rules |
| Applied To with Identity based Security Group - Applied to all hosts | User based Applied To | |
| Applied To with Non-Identity based Security Group - User based Applied to | User based Applied to | |
