Merge pull request #289504 from halkazwini/nw-nsgdiag

Updates: NSG diagnostics overview

Author: JamesJBarnett

articles/network-watcher/.openpublishing.redirection.network-watcher.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/network-watcher/network-watcher-network-configuration-diagnostics-overview.md",
+            "redirect_url": "/azure/network-watcher/nsg-diagnostics-overview",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/network-watcher/usage-scenarios-traffic-analytics.md",
             "redirect_url": "/azure/network-watcher/traffic-analytics-usage-scenarios",

articles/network-watcher/diagnose-network-security-rules.md

@@ -14,7 +14,7 @@ ms.custom: devx-track-azurepowershell, devx-track-azurecli
 
 You can use [network security groups](../virtual-network/network-security-groups-overview.md) to filter and control inbound and outbound network traffic to and from your Azure resources. You can also use [Azure Virtual Network Manager](../virtual-network-manager/overview.md) to apply admin security rules to your Azure resources to control network traffic.
 
-In this article, you learn how to use Azure Network Watcher [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md) to check and troubleshoot security rules applied to your Azure traffic. NSG diagnostics checks if the traffic is allowed or denied by applied security rules.
+In this article, you learn how to use Azure Network Watcher [NSG diagnostics](nsg-diagnostics-overview.md) to check and troubleshoot security rules applied to your Azure traffic. NSG diagnostics checks if the traffic is allowed or denied by applied security rules.
 
 The example in this article shows you how a misconfigured network security group can prevent you from using Azure Bastion to connect to a virtual machine.
 

articles/network-watcher/frequently-asked-questions.yml

@@ -9,7 +9,7 @@ metadata:
   ms.date: 09/06/2024
 title: "Network Watcher frequently asked questions (FAQ)"
 summary: |
-  This article provides answers to some of the frequently asked questions asked about Azure Network Watcher.
+  This article provides answers to the most frequently asked questions asked about Azure Network Watcher.
   
 
 sections:
@@ -18,27 +18,27 @@ sections:
       - question: |
           What is Network Watcher?
         answer: |
-          [Network Watcher](./network-watcher-monitoring-overview.md) provides a suite of tools to monitor, diagnose, view metrics, and enable or disable logs for IaaS (Infrastructure-as-a-Service) resources, which include virtual machines, virtual networks, application gateways, load balancers, and other resources in an Azure virtual network. It isn't a solution for monitoring PaaS (Platform-as-a-Service) infrastructure or getting web/mobile analytics.
+          [Network Watcher](network-watcher-overview.md) provides a suite of tools to monitor, diagnose, view metrics, and enable or disable logs for IaaS (Infrastructure-as-a-Service) resources, which include virtual machines, virtual networks, application gateways, load balancers, and other resources in an Azure virtual network. It isn't a solution for monitoring PaaS (Platform-as-a-Service) infrastructure or getting web/mobile analytics.
 
       - question: |
           What tools does Network Watcher provide?
         answer: |
           Network Watcher provides three major sets of capabilities:
           * Monitoring
-            * [Topology view](./view-network-topology.md) shows you the resources in your virtual network and the relationships between them.
-            * [Connection monitor](./connection-monitor-overview.md) allows you to monitor connectivity and latency between endpoints inside and outside Azure.
+            * [Topology view](view-network-topology.md) shows you the resources in your virtual network and the relationships between them.
+            * [Connection monitor](connection-monitor-overview.md) allows you to monitor connectivity and latency between endpoints inside and outside Azure.
           * Network diagnostic tools
-            * [IP flow verify](./network-watcher-ip-flow-verify-overview.md) allows you to detect traffic filtering issues at a virtual machine level.
-            * [NSG diagnostics](./network-watcher-network-configuration-diagnostics-overview.md) allows you to detect traffic filtering issues at a virtual machine, virtual machine scale set, or application gateway level.
-            * [Next hop](./network-watcher-next-hop-overview.md) helps you verify traffic routes and detect routing issues.
-            * [Connection troubleshoot](./network-watcher-connectivity-portal.md) enables a one-time connectivity and latency check between a virtual machine and Bastion host, application gateway, or another virtual machine.
-            * [Packet capture](./network-watcher-packet-capture-overview.md) enables you to capture your virtual machine traffic.
-            * [VPN troubleshoot](./network-watcher-troubleshoot-overview.md) runs multiple diagnostics checks on your VPN gateways and connections to help debug issues.
+            * [IP flow verify](network-watcher-ip-flow-verify-overview.md) allows you to detect traffic filtering issues at a virtual machine level.
+            * [NSG diagnostics](nsg-diagnostics-overview.md) allows you to detect traffic filtering issues at a virtual machine, virtual machine scale set, or application gateway level.
+            * [Next hop](network-watcher-next-hop-overview.md) helps you verify traffic routes and detect routing issues.
+            * [Connection troubleshoot](network-watcher-connectivity-portal.md) enables a one-time connectivity and latency check between a virtual machine and Bastion host, application gateway, or another virtual machine.
+            * [Packet capture](network-watcher-packet-capture-overview.md) enables you to capture your virtual machine traffic.
+            * [VPN troubleshoot](network-watcher-troubleshoot-overview.md) runs multiple diagnostics checks on your VPN gateways and connections to help debug issues.
           * Traffic
-            * [Network security group flow logs](./network-watcher-nsg-flow-logging-overview.md) and [virtual network flow logs](vnet-flow-logs-overview.md) allow you to log network traffic passing through your network security groups (NSGs) and virtual networks respectively.
-            * [Traffic analytics](./traffic-analytics.md) processes your network security group flow log data enabling you to visualize, query, analyze, and understand your network traffic.
+            * [Network security group flow logs](network-watcher-nsg-flow-logging-overview.md) and [virtual network flow logs](vnet-flow-logs-overview.md) allow you to log network traffic passing through your network security groups (NSGs) and virtual networks respectively.
+            * [Traffic analytics](traffic-analytics.md) processes your network security group flow log data enabling you to visualize, query, analyze, and understand your network traffic.
           
-          For more detailed information, see [Network Watcher overview](./network-watcher-overview.md).
+          For more detailed information, see [Network Watcher overview](network-watcher-overview.md).
           
       - question: |
           How does Network Watcher pricing work?
@@ -53,12 +53,12 @@ sections:
       - question: |
           What permissions are required to use Network Watcher?
         answer: |
-          See [Azure RBAC permissions required to use Network Watcher](./required-rbac-permissions.md) for a detailed list of required permissions for each of capability of Network Watcher.
+          See [Azure RBAC permissions required to use Network Watcher](required-rbac-permissions.md) for a detailed list of required permissions for each of capability of Network Watcher.
           
       - question: |
           How do I enable Network Watcher?
         answer: |
-          The Network Watcher service is automatically enabled for every subscription. You must manually enable Network Watcher if you opted out Network Watcher automatic enablement. For more information, see [Enable or disable Azure Network Watcher](./network-watcher-create.md).
+          The Network Watcher service is automatically enabled for every subscription. You must manually enable Network Watcher if you opted out Network Watcher automatic enablement. For more information, see [Enable or disable Azure Network Watcher](network-watcher-create.md).
           
       - question: |
           What is the Network Watcher deployment model?
@@ -245,7 +245,7 @@ sections:
       - question: |
           What is the difference between flow logs versions 1 and 2?
         answer: |
-          Flow logs version 2 introduces the concept of *flow state* and stores information about bytes and packets transmitted. For more information, see [Network security group flow log format](./network-watcher-nsg-flow-logging-overview.md#log-format).
+          Flow logs version 2 introduces the concept of *flow state* and stores information about bytes and packets transmitted. For more information, see [Network security group flow log format](network-watcher-nsg-flow-logging-overview.md#log-format).
 
       - question: |
           Can I create a flow log for a network security group that has a read-only lock?

articles/network-watcher/ip-flow-verify-overview.md

@@ -29,8 +29,8 @@ IP flow verify returns **Access denied** or **Access allowed**, the name of the
 
 - You must have a Network Watcher instance in the Azure subscription and region of the virtual machine. For more information, see [Enable or disable Azure Network Watcher](network-watcher-create.md).
 - You must have the necessary permissions to access the feature. For more information, see [RBAC permissions required to use Network Watcher capabilities](required-rbac-permissions.md).
-- IP flow verify only tests TCP and UDP rules. To test ICMP traffic rules, use [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md).
-- IP flow verify only tests security and admin rules applied to a virtual machine's network interface. To test rules applied to virtual machine scale sets, use [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md).
+- IP flow verify only tests TCP and UDP rules. To test ICMP traffic rules, use [NSG diagnostics](nsg-diagnostics-overview.md).
+- IP flow verify only tests security and admin rules applied to a virtual machine's network interface. To test rules applied to virtual machine scale sets, use [NSG diagnostics](nsg-diagnostics-overview.md).
 
 ## Next step
 

articles/network-watcher/network-watcher-overview.md

@@ -58,7 +58,7 @@ Network Watcher offers seven network diagnostic tools that help troubleshoot and
 
 ### NSG diagnostics
 
-**NSG diagnostics** allows you to detect traffic filtering issues at a virtual machine, virtual machine scale set, or application gateway level. It checks if a packet is allowed or denied to or from an IP address, IP prefix, or a service tag. It tells you which security rule allowed or denied the traffic. It also allows you to add a new security rule with a higher priority to allow or deny the traffic. For more information, see [NSG diagnostics overview](network-watcher-network-configuration-diagnostics-overview.md) and [Diagnose network security rules](diagnose-network-security-rules.md).
+**NSG diagnostics** allows you to detect traffic filtering issues at a virtual machine, virtual machine scale set, or application gateway level. It checks if a packet is allowed or denied to or from an IP address, IP prefix, or a service tag. It tells you which security rule allowed or denied the traffic. It also allows you to add a new security rule with a higher priority to allow or deny the traffic. For more information, see [NSG diagnostics overview](nsg-diagnostics-overview.md) and [Diagnose network security rules](diagnose-network-security-rules.md).
 
 ### Next hop
 

articles/network-watcher/network-watcher-network-configuration-diagnostics-overview.md renamed to articles/network-watcher/nsg-diagnostics-overview.md

@@ -1,13 +1,12 @@
 ---
-title: NSG diagnostics
+title: NSG diagnostics overview
 titleSuffix: Azure Network Watcher
-description: Learn about NSG diagnostics tool in Azure Network Watcher.
+description: Learn about NSG diagnostics tool in Azure Network Watcher how it can help you troubleshoot traffic issues.
 author: halkazwini
-ms.service: azure-network-watcher
 ms.author: halkazwini
-ms.reviewer: shijaiswal
-ms.topic: conceptual
-ms.date: 06/27/2023
+ms.service: azure-network-watcher
+ms.topic: concept-article
+ms.date: 10/29/2024
 ---
 
 # NSG diagnostics overview
@@ -25,6 +24,9 @@ The NSG diagnostics is an Azure Network Watcher tool that helps you understand w
 
 The NSG diagnostics tool can simulate a given flow based on the source and destination you provide. It returns whether the flow is allowed or denied with detailed information about the security rule allowing or denying the flow.
 
-## Next steps
+## Next step
+
+To learn how to use NSG diagnostics, continue to:
 
-To learn how to use the NSG diagnostics tool to check if your network traffic is allowed or denied, see [Diagnose network security rules](diagnose-network-security-rules.md).
+> [!div class="nextstepaction"]
+> [Diagnose network security rules](diagnose-network-security-rules.md)

articles/network-watcher/toc.yml

@@ -42,7 +42,7 @@
   - name: IP flow verify
     href: ip-flow-verify-overview.md
   - name: NSG diagnostics
-    href: network-watcher-network-configuration-diagnostics-overview.md
+    href: nsg-diagnostics-overview.md
   - name: Next hop
     href: next-hop-overview.md
   - name: Connection troubleshoot