How can we improve Azure Networking?

Enable ICMP traffic to Azure VMs over the Internet

There are several scenarios that ICMP traffic to Azure VMs is necessary. Specially for monitoring tools that requires this kind of communication. When the time this was written, AWS offers ICMP traffic controlled by endpoints, which is not possible with Azure VMs endpoints.

555 votes
Sign in
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Luciano Bernardes shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: Microsoft
Signed in as (Sign out)
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    One more vote - I was troubleshooting an AKS issue today, and I'm somewhat blinded due to the fact that I can't rely on ICMP.

  • chenyt commented  ·   ·  Flag as inappropriate

    I dont what to say, I saw the first comment on this topic was at 2015, and now is 2019.
    And so many users want this feature.

  • SadStateofAffairs commented  ·   ·  Flag as inappropriate

    At first I thought this was a bad joke, but seriously there is no option to enable ICMP in a security group? Microsoft it's 2019! How can you expect people to believe this marketing nonsense ( when we can't even do the simplest things in Azure? We migrating to Azure from AWS and I'm dreading it :(

  • Anonymous commented  ·   ·  Flag as inappropriate

    Please allow the ability to open up ICMP via an NSG. This really makes monitoring difficult. It's especially difficult when I have to blow a huge hole in my NSGs every time i need to troubleshoot a problem.

  • Давид Чапел commented  ·   ·  Flag as inappropriate

    Hosts which do not return pings are down. Seriously, this really confuses troubleshooting. I realize that Windows servers block ping by default, but for the rest of the Internet this is really abnormal.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Yes, I want to use ICMP to find out the packet delay between servers. I can not achieve it with out Ping function.

  • Darren commented  ·   ·  Flag as inappropriate

    This is possible - in the Inbound Rules for the Network Security Group, create duplicates of the default rules for azure firewalls/networks within the user configurable ID range (eg. give duplicate of AllowVnetInbound an ID of 1000, and then a duplicate of
    AllowAzureLoadBalancerInBound an ID of 1002), and then after those, create rule to deny TCP with ID of 1003, another rule to deny UDP of ID 1003, and then a last rule to allow any/any/any in ID 1004. This will block TCP/UDP on any non-specified ports, but ICMP _will_ be allowed as a result of the allow any/any/any rule. Adjust the IDs to suit, but the order is important.

  • Cody Ardoin commented  ·   ·  Flag as inappropriate

    This is forcing me to switch to Amazon Web Services today. $140,000 Enterprise License down the drain for Microsoft over the fact they don't allow ICMP. Extremely sad they cant even add the most basic functionality since 2014. Anyone reading this, DITCH MICROSOFT! AWS has many more services and doesn't buster up small things like this.

← Previous 1

Feedback and Knowledge Base