az vm open-port icmp, is that possible? - azure

Following up on "Can't open Azure VM Port" and https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal:
Is it possible to open the ICMP port for ping using Azure CLI, like az vm open-port or something?

Is it possible to open icmp port for ping using azure cli, like az vm open-port?
Azure NSG now supports the ICMP protocol and allows ping to a VM, as we can see in the screenshot below from the document here.
But the az vm open-port command does not have a parameter to pass the ICMP protocol; refer to this.
You could use the az network nsg rule create command to allow ICMP on a VM, as mentioned here.
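
The az network nsg rule create route from the answer above, written out as an added example (not part of the original post). It assumes the NSG is attached to the VM's first NIC and lives in the VM's resource group; the rule name, priority 1100 and the 203.0.113.0/24 source range are placeholders.

```shell
# Added example: allow inbound ICMP (ping) to a VM through its NIC-level NSG.
# Assumptions: NSG sits on the VM's first NIC, in the VM's resource group.

# Print the name of the NSG attached to the VM's first NIC.
vm_nsg_name() {
  local rg="$1" vm="$2" nic_id nsg_id
  nic_id=$(az vm show -g "$rg" -n "$vm" \
    --query 'networkProfile.networkInterfaces[0].id' -o tsv) || return 1
  nsg_id=$(az network nic show --ids "$nic_id" \
    --query 'networkSecurityGroup.id' -o tsv) || return 1
  if [ -z "$nsg_id" ]; then
    echo "no NSG on the NIC; check for a subnet-level NSG instead" >&2
    return 1
  fi
  printf '%s\n' "${nsg_id##*/}"   # last segment of the resource ID is the name
}

# Create an inbound Allow rule for ICMP, limited to one source prefix.
# usage: allow_icmp <resource-group> <vm-name> <source-cidr> [priority]
allow_icmp() {
  local rg="$1" vm="$2" source_prefix="$3" priority="${4:-1100}" nsg
  # Keep ping reachable only from a known range, not from any address.
  case "$source_prefix" in
    ''|'*'|0.0.0.0/0|Internet)
      echo "refusing to allow ICMP from any source; pass a CIDR" >&2
      return 2 ;;
  esac
  nsg=$(vm_nsg_name "$rg" "$vm") || return 1
  # ICMP has no ports, so both port ranges stay '*'.
  az network nsg rule create \
    --resource-group "$rg" --nsg-name "$nsg" \
    --name AllowIcmpInbound --priority "$priority" \
    --direction Inbound --access Allow --protocol Icmp \
    --source-address-prefixes "$source_prefix" --source-port-ranges '*' \
    --destination-address-prefixes '*' --destination-port-ranges '*'
}

# Example call (placeholder names):
#   allow_icmp MyResourceGroup MyVm 203.0.113.0/24
```

The guest firewall still has to permit echo requests; the NSG rule only covers the Azure side.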

Related

How to disable the Azure Bastion for Virtual Machine in Azure cloud?

I am using a Virtual Machine in the Azure portal. Over there, I connected to the VM via RDP. Now when I looked at my credits, $19 had been spent, and the usage is by Azure Bastion.
After it, I did some R&D and figured out how to delete all Azure Bastion resources via Azure PowerShell. I deleted all Azure Bastion and checked with this command az network bastion network and the list is empty.
After a day, I again connected the VM via RDP and today when I checked the used details, it has increased by $4.
My question is, why is this happening even after deleting all Bastion resources in the Azure Portal, and how can I stop it completely, because I don't want to be charged more?
Please use the command below to check all the Azure Bastion hosts:
az network bastion list
If any Bastion hosts are present, you can delete them using the command below:
az network bastion delete --name MyBastionHost --resource-group MyResourceGroup
After deleting your Bastion host, make sure to delete the public IP created for the Bastion host.
Please use the command below to delete the public IP:
az network public-ip delete -g MyResourceGroup -n MyIp
Please refer to the document below for the pricing of Bastion:
https://azure.microsoft.com/en-us/pricing/details/azure-bastion/

Determine IP address/es of Azure Container Instances

Is there a way to determine outbound IPs specific to Azure Container Instances?
Background:
I would like to allow my container instance to send network messages to a service behind a firewall. To configure this firewall I need to know the outbound IP address or range of IPs.
I found a list of IPs for my region here https://www.microsoft.com/en-us/download/details.aspx?id=56519 but it's for all services (for my region it's more than 180 entries), not only container instances.
You can get container info by executing this Azure CLI command:
az container show --resource-group "RgName" --name "containerName" --output table
You may be able to use Private IP, VNet deployment feature (in preview currently) of ACI to support this.
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-vnet
You can use the CIDR range of the subnet to configure your firewall.
HTH

Connecting to private TCP service on Azure VM

I am testing my own TCP client/server software, trying to use an Azure VM for testing. I have done this successfully on an Azure VM that I set up over a year ago. Now I have created a new VM that I need to test with. My service is installed on the VM and is monitoring port 18971. In the Azure portal, I have created an "endpoint" for TCP for that port. The machine is running Windows 2012. I have configured Windows Firewall with inbound and outbound rules to allow all TCP traffic to/from that port. I have also tried turning the firewall off. Still, my client software does not work; I receive error 10060 on the Winsock API "connect". I tried both the domain name and the IP address.
Any ideas of what else I have to do to allow TCP traffic? I am pretty sure this is an Azure configuration problem - I have successfully tested the software on direct connected machines as well as the old Azure VM I mentioned (I see no difference between it and the one I am trying now).
I guess you use the new type of VM with a resource manager on the old portal which you have "endpoint" for TCP for that port. You have to open some ports (endpoints) on new VM via the new portal. Refer to this.
For the new type of VM with a resource manager, you have to allow the port 18971 in the inbound port rules of NSG associated with your Azure VM or subnet.
Navigate to your virtual machine settings, and find Networking > Add inbound port rule.

How to post to LogStash installed on an Azure VM?

(ELK noob) I have ELK installed in an Azure VM. Kibana is up and running and I can see syslogs.
I have tried opening the port 9200 (az vm open-port --port 9200 --resource-group MyResourceGroup --name MyELK) to be able to log to LogStash directly, but I am not sure how to do this. Should LogStash respond to HTTP requests on port 9200?
Is it possible to curl a request just to test? I have tried but without response from LS.
Yes, LogStash responds to HTTP on port 9200. If you don't open port 9200, all the HTTP REST requests will be blocked by the NSG associated with the VM.
First, make sure that you open the port in the firewall.
Second, in your Azure VM overview, select Networking on the left, and find your Network Security Group name.
Third, if you open the port in the portal, you can select your NSG and add an inbound rule to open port 9200. If you want to use Azure CLI, after you log in to Azure CLI, use the command "az vm open-port --port 9200 --resource-group MyResourceGroup --name MyELK --nsg-name NSG_name"; if you also have another NSG, open the port again with the right NSG name.
If you want to know more about Network Security Groups, please click here.

Azure ARM VM creation with Network Security Groups

I have a network with enabled Network Security Groups where I deny Outbound Port 80 and 443. All Outbound traffic is managed through a Squid Proxy.
Now, I want to create a new Virtual Machine in this Network using the Azure ARM templates using the resource Microsoft.Compute/virtualMachines. The problem is that after creation of the Azure Storage Account the VM can't connect to it as the Outbound Port 80 and 443 are denied.
Is it possible to give the resource Microsoft.Compute/virtualMachines some proxy settings?
You'll need to use a custom script extension to call a script to change the proxy settings on the VM itself after VM creation has completed.
