Troubleshooting Azure Networking - Using Network Watcher@20aman Feb 11, 2020
Network Watcher is like a swiss knife for various things related to networking. This is a one-stop-shop for monitoring and troubleshooting your networks and related components. In this post, we will be focusing on the troubleshooting related aspects of Network Watcher.
Enabling Network Watcher
First of all, you need to enable network watcher. You should do so for every region where you have a virtual network deployed or will deploy in the near future. To do so simply navigate to the Network Watcher service (by searching for it). In the Overview screen, expand the regions area as shown below. Right-click on the region for which you want to enable this service and select "Enable network watcher".
The first time you do this, it will create a new resource group called "NetworkWatcherRG". If you check this resource group after enabling network watcher for any region, it will look empty, but it actually contains hidden resources of type "microsoft.network/networkwatchers".
Once the network watcher is enabled, you are ready for consuming various mini tools (or different sections) that give you troubleshooting features.
IP Flow Verify
This is to check the IP Flow. If you want to check if the traffic is able to flow or is being blocked then this is the section you want to check. Select the VM and its network interface for which you want to check the IP Flow. The Local IP address will be auto-populated. Fill in the details for the Remote IP address and Remote port and click on the Check button. It will simulate the traffic and will let you know the results.
If you have various Route tables and you want to verify that the traffic follows a particular route or not then "Next Hop" is the section you want to check. You can check if traffic from a source to destination will go via network virtual appliance or not based on a route defined in a route table or not.
Simply select the source and destination. The Source IP address will populate based on the network interface selected. And the destination IP address will be input by you. Click on the "Next hop" button once you are ready. The output will show you what the next hop will be and the route along with the route table that is directing that traffic to that next hop.
Effective Security Rules
You may have various Network Security Groups (NSGs) applied to a VM i.e. one NSG applied directly on its network interface and another one applied at the subnet level. If you want to check what is the result set of these NSGs and which NSGs are effectively applied on your VM, then this is the section that you can use. Simply select your Virtual Machine (VM) and the effective security rules will be displayed in the bottom section.
For more information please check this link: Azure Network Watcher