Merge pull request #245223 from halkazwini/nw-faq

Update Network Watcher FAQ

Author: PMEds28

articles/network-watcher/frequently-asked-questions.yml

@@ -1,15 +1,15 @@
 ### YamlMime:FAQ
 metadata:
-  title: "Azure Network Watcher frequently asked questions (FAQ)"
+  title: "Network Watcher frequently asked questions (FAQ)"
   description: "This article answers frequently asked questions asked about the Azure Network Watcher service."
   services: network-watcher
   author: halkazwini
   ms.service: network-watcher
   ms.topic: faq
-  ms.date: 06/27/2023
+  ms.date: 07/19/2023
   ms.author: halkazwini
   ms.custom: engagement-fy23
-title: "Azure Network Watcher frequently asked questions (FAQ)"
+title: "Network Watcher frequently asked questions (FAQ)"
 summary: |
   This article provides answers to some of the frequently asked questions asked about Azure Network Watcher.
   
@@ -40,10 +40,8 @@ sections:
             * [NSG flow logs](./network-watcher-nsg-flow-logging-overview.md) allows you to log network traffic passing through your [network security groups (NSGs)](../virtual-network/network-security-groups-overview.md).
             * [Traffic analytics](./traffic-analytics.md) processes your NSG flow log data enabling you to visualize, query, analyze, and understand your network traffic.
           
-          
           For more detailed information, see [Network Watcher overview](./network-watcher-monitoring-overview.md).
           
-          
       - question: |
           How does Network Watcher pricing work?
         answer: |
@@ -67,38 +65,47 @@ sections:
       - question: |
           What is the Network Watcher deployment model?
         answer: |
-          The Network Watcher parent resource is deployed with a unique instance in every region. Naming format: NetworkWatcher_RegionName. Example: NetworkWatcher_centralus is the Network Watcher resource for the "Central US" region.
-          
+          The Network Watcher parent resource is deployed with a unique instance in every region. Default naming format: NetworkWatcher_RegionName. Example: NetworkWatcher_centralus is the Network Watcher resource for the "Central US" region. You can customize the name of Network Watcher instance using [PowerShell](network-watcher-create.md?tabs=powershell#enable-network-watcher-for-your-region) or [REST API](/rest/api/network-watcher/network-watchers/create-or-update).
+
       - question: |
-          What is the NetworkWatcherRG?
+          Why does Azure allow only one instance of Network Watcher per region? 
         answer: |
-          NetworkWatcherRG is a resource group that's automatically created for Network Watcher resources. For example, Network Watcher regional instances and the NSG flow log resources are created in **NetworkWatcherRG** resource group.
+          Network Watcher just needs to be enabled once per a region per a subscription for its features to work. Network Watcher is enabled in a region by creating a Network Watcher instance in that region.
 
       - question: |
-          Why do I need to install the Network Watcher agent? 
+          How can I manage Network Watcher resource? 
         answer: |
-          The Network Watcher agent is required for any feature that needs to generate or intercept traffic from a virtual machine. 
+          The Network Watcher resource represents the backend service for Network Watcher, which is fully managed by Azure. You don't need to manage it. Operations like move aren't supported on the resource. However, Network Watcher instance can be [deleted](network-watcher-create.md#disable-network-watcher-for-your-region) to disable Network Watcher in a particular region. 
 
       - question: |
-          Which features require the Network Watcher agent?
+          What is the NetworkWatcherRG?
         answer: |
-          The Packet capture, Connection troubleshoot and Connection monitor features require the Network Watcher extension to be present.
+          NetworkWatcherRG is a resource group that's automatically created for Network Watcher resources. For example, Network Watcher regional instances and the NSG flow log resources are created in **NetworkWatcherRG** resource group. You can customize the name of Network Watcher resource group using [PowerShell](network-watcher-create.md?tabs=powershell#enable-network-watcher-for-your-region), [Azure CLI](network-watcher-create.md?tabs=cli#enable-network-watcher-for-your-region), or [REST API](/rest/api/network-watcher/network-watchers/create-or-update).
 
       - question: |
-          What are resource limits on Network Watcher?
+          What are the resource limits on Network Watcher?
         answer: |
-          See the [Service limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-network-watcher-limits) page for all limits.  
+          Network Watcher has the following limits:
+          [!INCLUDE [network-watcher-limits](../../includes/network-watcher-limits.md)]
           
+  - name: Network Watcher Agent
+    questions:
       - question: |
-          Why does Azure allow only one instance of Network Watcher per region? 
+          Why do I need to install the Network Watcher agent? 
         answer: |
-          Network Watcher just needs to be enabled once per a region per a subscription for its features to work. A Network Watcher is enabled in a region by creating an instance in that region.
+          The Network Watcher agent is required for any feature that generates or intercepts traffic from a virtual machine. 
 
       - question: |
-          How can I manage Network Watcher resource? 
+          Which features require the Network Watcher agent?
         answer: |
-          The Network Watcher resource represents the backend service for Network Watcher, which is fully managed by Azure. You don't need to manage it. Operations like move aren't supported on the resource. However, [Network Watcher resource can be deleted](./network-watcher-create.md#disable-network-watcher-for-your-region) to disable Network Watcher in a particular region. 
-          
+          The Packet capture, Connection troubleshoot and Connection monitor features require the Network Watcher extension to be present.
+
+      - question: |
+          What ports does the Network Watcher agent use?
+        answer: |
+          - **Linux**: the Network Watcher agent uses available ports starting from port 50000 and above until it reaches port 65535.
+          - **Windows**: the Network Watcher agent uses ports that Windows responds with when queried for available ports.
+
   - name: Service availability and redundancy 
     questions:
       - question: |
@@ -111,13 +118,45 @@ sections:
         answer: |
           No configuration is necessary to enable zone-resiliency. Zone-resiliency for Network Watcher resources is available by default and managed by the service itself. 
 
+  - name: Connection monitor
+    questions:
+      - question: |
+          Does connection monitor support classic VMs?
+        answer: |
+          No, connection monitor doesn't support classic VMs. We recommended that you migrate infrastructure as a service (IaaS) resources from classic to Azure Resource Manager because classic resources [will be deprecated](../virtual-machines/classic-vm-deprecation.md). For more information, see [Migrate IaaS resources from classic to Azure Resource Manager](../virtual-machines/migration-classic-resource-manager-overview.md).
+
+      - question: |
+          What if my topology isn't decorated or my hops have missing information?
+        answer: |
+          Topology can be decorated from non-Azure to Azure only if the destination Azure resource and the connection monitor resource are in the same region.
+
+      - question: |
+          What happens if the connection monitor creation fails with the following error: "We don't allow creating different endpoints for the same VM"?
+        answer: |
+          The same Azure VM can't be used with different configurations in the same connection monitor. For example, using same VM with a filter and without a filter in the same connection monitor isn't supported.
+
+      - question: |
+          What happens if the test failure reason is "Nothing to display"?
+        answer: |
+          Issues that are displayed on the connection monitor dashboard are found during topology discovery or hop exploration. There can be cases where the threshold set for % loss or RTT is reached but no issues are found on hops.
+
+      - question: |
+          When migrating an existing connection monitor (classic) to the latest connection monitor, what happens if the external endpoint tests are migrated with the TCP protocol only?
+        answer: |
+          There's no protocol selection option in connection monitor (classic). Tests in connection monitor (classic) only use the TCP protocol, and that's why, during the migration, we create a TCP configuration in tests in the new connection monitor.
+
   - name: NSG flow logs
     questions:
       - question: |
           What does NSG flow logs do?
         answer: |
-          NSG flow logs enable you to log 5-tuple flow information about network traffic that passes through your [network security groups](../virtual-network/network-security-groups-overview.md). The raw flow logs are written to an Azure storage account from where they can be further processed, analyzed, queried, or exported as needed.
-          
+          NSG flow logs enable you to log 5-tuple flow information about network traffic that passes through your [network security groups](../virtual-network/network-security-groups-overview.md). The raw flow logs are written to an Azure storage account. From there, you can further process, analyze, query, or export them as needed.
+
+      - question: |
+          Do flow logs affect network latency or performance?
+        answer: |
+          Flow log data is collected outside the path of your network traffic, so it doesn't affect network throughput or latency. You can create or delete flow logs without any risk of impact to network performance.
+
       - question: |
           How do I use NSG flow logs with a storage account behind a firewall?
         answer: |
@@ -126,7 +165,7 @@ sections:
           1. Go to the storage account by entering the storage account's name in the search box at the top of the portal.
           2. Under the **Security + networking**, select **Networking**, then select **Firewalls and virtual networks**.
           3. In **Public network access**, select **Enabled from selected virtual networks and IP addresses**. Then under **Exceptions**, check the box next to **Allow Azure services on the trusted services list to access this storage account.** 
-          4. Enable NSG flow logs by creating a flow log for your target network security group using the above storage account. For more information, see [Create a flow log](nsg-flow-logging.md#create-a-flow-log).
+          4. Enable NSG flow logs by creating a flow log for your target network security group using the storage account. For more information, see [Create a flow log](nsg-flow-logging.md#create-a-flow-log).
           
           You can check the storage logs after a few minutes. You should see an updated TimeStamp or a new JSON file created.
           
@@ -136,9 +175,9 @@ sections:
           NSG flow logs are compatible with Service Endpoints without requiring any extra configuration. For more information, see [Enable a service endpoint](../virtual-network/tutorial-restrict-network-access-to-resources.md#enable-a-service-endpoint).
           
       - question: |
-          What is the difference between flow logs versions 1 & 2?
+          What is the difference between flow logs versions 1 and 2?
         answer: |
-          Flow logs version 2 introduces the concept of *Flow State* and stores information about bytes and packets transmitted. For more information, see [NSG flow log format](./network-watcher-nsg-flow-logging-overview.md#log-format).
+          Flow logs version 2 introduces the concept of *flow state* and stores information about bytes and packets transmitted. For more information, see [NSG flow log format](./network-watcher-nsg-flow-logging-overview.md#log-format).
 
 additionalContent: |