How can we improve Azure Virtual Machines?

Enable ICMP traffic to Azure VMs over the Internet

There are several scenarios that ICMP traffic to Azure VMs is necessary. Specially for monitoring tools that requires this kind of communication. When the time this was written, AWS offers ICMP traffic controlled by endpoints, which is not possible with Azure VMs endpoints.

208 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Luciano Bernardes shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    25 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Yes, I want to use ICMP to find out the packet delay between servers. I can not achieve it with out Ping function.

      • Darren commented  ·   ·  Flag as inappropriate

        This is possible - in the Inbound Rules for the Network Security Group, create duplicates of the default rules for azure firewalls/networks within the user configurable ID range (eg. give duplicate of AllowVnetInbound an ID of 1000, and then a duplicate of
        AllowAzureLoadBalancerInBound an ID of 1002), and then after those, create rule to deny TCP with ID of 1003, another rule to deny UDP of ID 1003, and then a last rule to allow any/any/any in ID 1004. This will block TCP/UDP on any non-specified ports, but ICMP _will_ be allowed as a result of the allow any/any/any rule. Adjust the IDs to suit, but the order is important.

      • Cody Ardoin commented  ·   ·  Flag as inappropriate

        This is forcing me to switch to Amazon Web Services today. $140,000 Enterprise License down the drain for Microsoft over the fact they don't allow ICMP. Extremely sad they cant even add the most basic functionality since 2014. Anyone reading this, DITCH MICROSOFT! AWS has many more services and doesn't buster up small things like this.

      • Thomas Larsen commented  ·   ·  Flag as inappropriate

        I'd love to be able to enable this as well, even if only from select source IPs. This is as so many others for monitoring purposes.

        Workaround if you're using OMD: create a host-tag for azure vms, tag your hosts, create a "host check command" and use the tag as a condition and set the host check command to "use the status of the check_mk_agent".

      • Sergey commented  ·   ·  Flag as inappropriate

        How long we have to wait for enabling ICMP in Azure's security groups??? AWS made that a lot of years ago.

      • Anonymous commented  ·   ·  Flag as inappropriate

        wow this was posted in 2014 and we only have 7 comments?
        Please add this functionality ~ just want to monitor the connection.

      ← Previous 1

      Feedback and Knowledge Base