Its not very clear fromt he documentation that adding an ACL also affects internal virtual network communications as well as external endpoint access on the port defined. For Example: If you have two machines in different services connected via the same virtual network and are using the internal subnet IP for communication, the ACL will be applied to the traffic on the internal IP aswell as the external IP/Endpoint you apply it to, even if your not accessing the port via the external IP/endpoint.