Linkedin-in Youtube Facebook-f

Azure Network Watcher

Azure Network Watcher

Azure Network Watcher – Overview

Network Watcher is an Azure regional service that provides tools to monitor, diagnose, view metrics, and manage logs for resources within an Azure virtual network. It helps you analyze network behavior at a scenario level without needing to log in to virtual machines.

Key Capabilities

Packet Capture

  • Remotely capture network traffic to and from Azure VMs.

  • Trigger packet capture manually or via alerts.

  • Useful for:

    • Diagnosing network anomalies

    • Debugging client-server communication

    • Detecting intrusions

  • Eliminates the need to sign in to VMs to capture packets.

NSG Flow Logs

  • Collects information about ingress and egress IP traffic through Network Security Groups.

  • Data is stored in JSON format and can be analyzed using:

    • Azure Monitor

    • Power BI

    • Third-party tools (e.g., Kibana)

  • Common use cases:

    • Security auditing

    • Compliance validation

    • Traffic pattern analysis

VPN Diagnostics

  • Troubleshoots Virtual Network Gateways and VPN connections.

  • Provides:

    • Gateway health status

    • Connection statistics

    • CPU and memory utilization

    • IKE security errors

    • Packet drops and event logs

  • Detailed logs are stored in an Azure Storage account.

  • Multiple gateways or connections can be diagnosed simultaneously.

Connection Monitor

Connection Monitor is a Network Watcher feature that monitors communication between:

  • A VM and another VM

  • A VM and an endpoint (IP, FQDN, URI)

What it Monitors

  • Reachability

  • Latency (minimum, average, maximum)

  • Network topology changes

Troubleshooting Insights

If a connection fails, Connection Monitor can identify causes such as:

  • DNS resolution failures

  • NSG or firewall rules

  • User-defined routes

  • VM resource constraints (CPU or memory)

Network Performance Monitor

A cloud-based hybrid monitoring solution used to:

  • Monitor network performance across on-premises and Azure environments

  • Monitor ExpressRoute performance

  • Detect issues such as:

    • Traffic blackholing

    • Routing errors

    • Latency spikes

It generates alerts when thresholds are exceeded and pinpoints the affected network segment.

Required Permissions

To use Network Watcher features, your account must have one of the following roles:

  • Owner

  • Contributor

  • Network Contributor

  • Or a custom role with read/write/delete permissions for Network Watcher

Network Watcher Diagnostics Tools

✔️ IP Flow Verify

Purpose:
Quickly determine whether a security rule allows or blocks traffic.

Use cases:

  • Troubleshooting VM connectivity

  • Verifying correct NSG rule application

How it works:

  • Specify source/destination IP

  • Define port, protocol (TCP/UDP), and direction

  • Returns whether traffic is allowed or denied and by which rule

If IP Flow Verify shows no issues, investigate firewalls or OS-level restrictions.

✔️ Next Hop

Purpose:
Identify how traffic is routed and where it is sent next.

Returns:

  • Next hop type (Internet, Virtual Appliance, VNet Gateway, Peering, None)

  • Associated route table (system or user-defined)

Useful when:

  • Custom routes override Azure default routes

  • A VM loses connectivity due to routing misconfiguration

✔️ Effective Security Rules

  • Displays the actual NSG rules applied to a network interface or subnet.

  • Helpful when multiple NSGs are involved.

Rule attributes include:

  • Priority (100–4096)

  • Source and destination

  • Protocol (TCP, UDP, ICMP, Any)

  • Action (Allow or Deny)

✔️ VPN Troubleshoot

  • Performs in-depth diagnostics on VPN gateways and connections.

  • Long-running operation with detailed output.

  • Logs include:

    • Connection statistics

    • CPU/memory usage

    • IKE errors

    • Packet and buffer events

✔️ Connection Troubleshoot

  • Tests direct TCP connectivity from a VM to:

    • Another VM

    • FQDN

    • URI

    • IPv4 address

  • Identifies whether issues are due to:

    • Azure platform

    • User configuration (NSGs, routes, firewalls)

Monitoring – Topology

Topology provides a visual map of your virtual network, showing:

  • VNets and subnets

  • VMs and NICs

  • NSGs and route tables

  • Public IPs and peering relationships

This is especially useful when:

  • You inherit an existing network

  • You need a quick understanding before troubleshooting

⚠️ A Network Watcher instance must exist in the same region as the virtual network to generate topology.

Linkedin-in Youtube Facebook-f
  • 03304 004 334
  • info@qisltd.co.uk
  • Quantus Information Services Limited
    Unit 5, Minster Court
    Tuscam Way
    Camberley
    Surrey
    GU15 3YY

Pages

Our Services

Subscribe to our Newsletter

Facebook-f Twitter Linkedin-in