Firewall rule behavior varies with different Security Groups.
|Enable User Identity Security Group (RDSH Section)||Identity Security Group (RDSH Section)||Any Security Group (Non-RDSH Section)|
|Source - SID based rules are preemptively pushed to hypervisor. Rule enforcement is on the first packet.||Source - IP based rules||Source - IP based rules|
|Destination - IP based rules||Destination - IP based rules||Destination - IP based rules|
|Applied To with Identity based Security Group - Applied to all hosts||User based Applied To|
|Applied To with Non-Identity based Security Group - User based Applied to||User based Applied to|