The second rule allows access to port 1194 and 123 via UDP (if you're deploying to Azure China 21Vianet, you might require more). Both these rules will only allow traffic destined to the Azure Region CIDR that we're using, in this case East US.

