Analyze Network Traffic with Azure Network Watcher
Question
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Does the solution meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.A
The Network Watcher Network performance monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of
Azure ExpressRoute.
Note:
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen,
IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
IP flow verify looks at the rules for all Network Security Groups (NSGs) applied to the network interface, such as a subnet or virtual machine NIC. Traffic flow is then verified based on the configured settings to or from that network interface. IP flow verify is useful in confirming if a rule in a Network Security Group is blocking ingress or egress traffic to or from a virtual machine.
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overviewYes, the proposed solution meets the goal of analyzing network traffic to determine whether packets are being allowed or denied to the VMs.
Azure Network Watcher is a network monitoring and diagnostic service that provides tools to monitor, diagnose, and gain insights into the network traffic and connectivity of Azure resources. One of the tools offered by Azure Network Watcher is the IP flow verify, which analyzes the network traffic to determine whether packets are being allowed or denied to the VMs.
By using IP flow verify, the network administrator can check if network traffic is allowed to flow between a source and destination IP address and port. IP flow verify can also determine if network security groups (NSGs) and user-defined routes (UDRs) are correctly configured to allow or deny network traffic.
In this scenario, the proposed solution is appropriate for troubleshooting network connectivity issues of the VMs. The network administrator can use IP flow verify to check if packets are reaching the VMs and if there are any NSGs or UDRs blocking the traffic. With this information, the administrator can identify and resolve any network issues affecting the VMs.
Therefore, the correct answer is A. Yes.
