You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/network-watcher/network-watcher-ip-flow-verify-overview.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,18 +17,24 @@ IP flow verify is a feature in Azure Network Watcher that you can use to check i
17
17
18
18
IP flow verify looks at the rules of all network security groups applied to a virtual machine's network interface, whether the network security group is associated to the virtual machine's subnet or network interface. It additionally, looks at the Azure Virtual Network Manager rules applied to the virtual network of the virtual machine.
19
19
20
+
IP flow verify uses traffic direction, protocol, local IP, remote IP, local port, and remote port to test security and admin rules that apply to the virtual machine's network interface.
21
+
20
22
:::image type="content" source="./media/network-watcher-ip-flow-verify-overview/ip-flow-verify-portal.png" alt-text="Screenshot of IP flow verify in the Azure portal." lightbox="./media/network-watcher-ip-flow-verify-overview/ip-flow-verify-portal.png":::
21
23
22
-
IP flow verify uses traffic direction, protocol, local IP, remote IP, local port, and remote port to test security and admin rules that apply to the virtual machine's network interface. IP flow verify returns **Access denied** or **Access allowed**, the name of the security rule that denies or allows the traffic, and the network security group with a link to it so you can edit it if you need to. IP flow verify doesn't provide a link if a default security rule is denying or allowing the traffic. For more information, see [Default security rules](../virtual-network/network-security-groups-overview.md#default-security-rules).
24
+
IP flow verify returns **Access denied** or **Access allowed**, the name of the security rule that denies or allows the traffic, and the network security group with a link to it so you can edit it if you need to. It doesn't provide a link if a default security rule is denying or allowing the traffic. For more information, see [Default security rules](../virtual-network/network-security-groups-overview.md#default-security-rules).
23
25
24
26
:::image type="content" source="./media/network-watcher-ip-flow-verify-overview/access-denied.png" alt-text="Screenshot of IP flow verify result in the Azure portal." lightbox="./media/network-watcher-ip-flow-verify-overview/access-denied.png":::
25
27
26
28
To use IP flow verify, you need to a Network Watcher instance in the Azure subscription and region of the virtual machine and have the necessary permissions to access the feature. For more information, see [Enable or disable Azure Network Watcher](network-watcher-create.md) and [RBAC permissions required to use Network Watcher capabilities](required-rbac-permissions.md).
27
29
30
+
> [!NOTE]
31
+
> - IP flow verify tests TCP and UDP traffic. To test ICMP traffic, use [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md).
32
+
> - IP flow verify tests security and admin rules applied to a virtual machine's network interface. To test virtual machine scale sets, use [NSG diagnostics](network-watcher-network-configuration-diagnostics-overview.md).
33
+
28
34
## Next step
29
35
30
36
To learn how to use IP flow verify, continue to:
31
37
32
38
> [!div class="nextstepaction"]
33
-
> [Diagnose a virtual machine network traffic filter problem](diagnose-vm-network-traffic-filtering-problem.md)
39
+
> [Diagnose a virtual machine network traffic filter problem](diagnose-vm-network-traffic-filtering-problem.md).
0 commit comments