The situation: Got a Win2016 DC in a cloud network. WAN is disabled for this machine. LAN is connected to PfSense. PfSense manages the VPN and IPSec between cloud and on-premise. PfSense only allows whitelisted traffic between all machines/services. DC has a list of rules so it can do its job. This works partially; I still get a "no internet" alert in DC, and WSUS is not working as expected.
Now DC needs a connection to another online service.
Should this be whitelisted, or is it allowed to allow outbound traffic from this DC via PfSense to the internet? I know that a DC directly on the internet is bad practice, but does the above also apply to this rule?