Add additional IP Protocols for NSG Rules
Add the ability to add additional IP Protocols (i.e. ICMP, EIGRP, and so forth) to an NSG rule. The only option today is TCP, UDP, or "*". Currently, to allow ICMP, you have to allow any protocol "*" and any port "*" in the rule instead of simply adding a rule for ICMP specifically. This inhibits the ability to meet security controls for isolation required in NIST SP800-53.
We have started to work on ICMP support for NSGs.
- Anavi N [MSFT]
Thomson, Robert commented
Allowing any protocol by protocol number would be ideal. For example, for Calico to work with its overlay network, IPv4 encapsulation (protocol 4) is required, but it's still necessary to lock down TCP & UDP in the NSG itself.
Many IETF standards require ICMP (not just echorequest/echoreply).
Same question - allowing ICMP echo is critical for us. If you have a complex NSG in place, not being able to permit echo is like troubleshooting with one hand behind your back.
Any news on allowing ICMP echo request?
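The workaround described in the original request (protocol "*" with port "*" just to pass ICMP) leaves rules that are far broader than intended, so they are worth auditing. The following is an added example, not part of this thread or of any Microsoft tooling: it scans an exported NSG definition for inbound allow rules that match any protocol on any port. The sample NSG is constructed, and the function name `find_any_protocol_allows` is hypothetical; the field names follow the ARM security rule schema, with or without the `properties` wrapper.

```python
import json

# Constructed sample in the shape of an ARM network security group resource.
SAMPLE_NSG = json.loads("""
{"name": "example-nsg", "properties": {"securityRules": [
  {"name": "allow-https", "properties": {"priority": 100,
    "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
    "sourceAddressPrefix": "*", "destinationPortRange": "443"}},
  {"name": "allow-ping-workaround", "properties": {"priority": 200,
    "direction": "Inbound", "access": "Allow", "protocol": "*",
    "sourceAddressPrefix": "10.0.0.0/16", "destinationPortRange": "*"}},
  {"name": "allow-any-proto-ssh", "properties": {"priority": 300,
    "direction": "Inbound", "access": "Allow", "protocol": "*",
    "sourceAddressPrefix": "10.0.0.0/16", "destinationPortRange": "22"}},
  {"name": "deny-all", "properties": {"priority": 4000,
    "direction": "Inbound", "access": "Deny", "protocol": "*",
    "sourceAddressPrefix": "*", "destinationPortRange": "*"}}
]}}
""")


def _props(obj):
    # ARM templates nest fields under "properties"; CLI exports flatten them.
    return obj.get("properties", obj)


def _ports(p):
    # A rule carries either a single range or a list of ranges.
    ports = list(p.get("destinationPortRanges") or [])
    if p.get("destinationPortRange"):
        ports.append(p["destinationPortRange"])
    return ports


def find_any_protocol_allows(nsg):
    """Return inbound Allow rules with protocol "*" and port "*", by priority."""
    findings = []
    for rule in _props(nsg).get("securityRules", []):
        p = _props(rule)
        if str(p.get("access", "")).lower() != "allow":
            continue
        if str(p.get("direction", "")).lower() != "inbound":
            continue
        if p.get("protocol") != "*" or "*" not in _ports(p):
            continue
        findings.append({"name": rule.get("name"),
                         "priority": p.get("priority"),
                         "source": p.get("sourceAddressPrefix")})
    return sorted(findings, key=lambda f: f["priority"])


if __name__ == "__main__":
    for finding in find_any_protocol_allows(SAMPLE_NSG):
        print(finding)
```

Each rule it reports is a candidate for replacement with a protocol-specific rule where the platform offers one.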