IP Flow Verify in Azure
One of the fastest ways to check if a Virtual Machine allows packets to be sent or received on specific ports is to use IP Flow Verify.
Typically when you create a new Virtual Machine there are Local VM firewall rules in place. It’s common for administrators to logon to the VM to diagnose from within the VM. Microsoft makes this easy with Network Watcher.
Once in the Network Watcher go to the IP Flow verify under Network diagnostic tools.
Azure has several network diagnostics tools that can help you troubleshoot problematic connections. These are:
- IP Flow Verify
- NSG diagnostic
- Next Hop
- Effective Security rules
- VPN Troubleshoot
- Packet capture
- Connection Troubleshoot
They all have a purpose, the key difference between IP Flow Verify and the other tools are IP Flow Verify allows you to enter a source and destination IP/Port details. If the connection fails as above, the security rule that prevented the communication is displayed.