| title | description | services | documentationcenter | author | ms.service | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|
Introduction to Network Configuration Diagnostics in Azure Network Watcher | Microsoft Docs |
This page provides an overview of the Network Watcher - Network Configuration Diagnostics |
network-watcher |
na |
damendo |
network-watcher |
article |
na |
infrastructure-services |
09/15/2020 |
damendo |
The Network Configuration Diagnostic tool helps customers understand which traffic flows will be allowed or denied in your Azure Virtual Network along with detailed information for debugging. It can help your in understanding if your NSG rules are configured correctly.
For using Network Configuration Diagnostics, Network Watcher must be enabled in your subscription. See Create an Azure Network Watcher instance to enable.
- Your resources in Azure are connected via Virtual Networks (VNETs) and subnets. The security of these VNets and subnets can be managed using a Network Security Group (NSG).
- An NSG contains a list of security rules that allow or deny network traffic to resources it is connected to. NSGs can be associated with subnets, individual VMs, or individual network interfaces (NICs) attached to VMs.
- All traffic flows in your network are evaluated using the rules in the applicable NSG.
- Rules are evaluated based on priority number from lowest to highest
For a given flow, the NCD tool runs a simulation of the flow and returns whether the flow would be allowed (or denied) and detailed information about rules allowing/denying the flow. Customers must provide details of a flow like source, destination, protocol, etc. The tool returns whether traffic was allowed or denied, the NSG rules that were evaluated for the specified flow and the evaluation results for every rule.
Use Network Configuration Diagnostic through other interfaces