Azure FW with VM NIC shows no internet access

Shola Lawani 531 Reputation points Microsoft Employee
2020-10-23T16:54:25.39+00:00

Hello Experts,

So I have a small lab environment with a hub (Azure FW) and two Spokes (with VMs). I'm redirecting all traffic 0.0.0.0/0 via the firewall using UDRs.

However, I have noticed that the VMs' NICs (in the spoke VNets) in this setup indicate "No internet access"; however, if I create an application rule to allow microsoft.com, for instance, I can still browse the site. My question: what is preventing the VM NIC from showing internet access? Is there a rule in Azure FW that I haven't created?


2 answers

  1. SUNOJ KUMAR YELURU 13,921 Reputation points MVP
    2020-10-25T03:25:12.45+00:00

    Yes, you should add Azure FW rules that allow internet access.

    https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview


  2. Andreas Baumgarten 95,181 Reputation points MVP
    2020-10-25T09:57:09.55+00:00

    If I remember right the Windows Network Connectivity Status Indicator (NCSI) is running multiple tests to check if the client is connected to the internet.

    1. The following URL is used for the first test: https://www.msftconnecttest.com
    2. If the URL is reachable from the client, an HTTP GET request for https://www.msftconnecttest.com/connecttest.txt is sent.
    3. If this is successful, NCSI will try to resolve the DNS name dns.msftncsi.com.
    4. If the response is "131.107.255.255" the test is successful and the indicator in the Task Bar will show "Internet access".

    So you should add https://www.msftconnecttest.com to your white-list in the Firewall.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten
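The allow rule suggested in the answer above, plus a check of the NCSI probe steps it lists, as an added example that is not code from this thread or from Microsoft. It assumes the Az.Network module and placeholder names for the resource group, firewall and spoke address ranges; NCSI's probe itself is plain HTTP on port 80, so the rule permits both Http:80 and Https:443 for the one FQDN.

```powershell
# Added example (not from the thread). Placeholder lab values, adjust to your environment:
$rg     = "lab-rg"                          # assumed resource group
$fwName = "hub-fw"                          # assumed Azure Firewall name
$spokes = "10.1.0.0/16", "10.2.0.0/16"      # assumed spoke VNet address spaces

# Application rules match on Host header (HTTP) or SNI (HTTPS), so this permits only
# the NCSI probe FQDN, not general internet access. NCSI's classic probe is plain HTTP
# on port 80; the answer lists https, so both protocols are allowed for the same FQDN.
$ncsiRule = New-AzFirewallApplicationRule -Name "Allow-NCSI-Probe" `
    -SourceAddress $spokes `
    -TargetFqdn "www.msftconnecttest.com" `
    -Protocol "Http:80", "Https:443"

$coll = New-AzFirewallApplicationRuleCollection -Name "NCSI-Probes" `
    -Priority 200 -Rule $ncsiRule -ActionType "Allow"

$fw = Get-AzFirewall -Name $fwName -ResourceGroupName $rg
$fw.AddApplicationRuleCollection($coll)
Set-AzFirewall -AzureFirewall $fw | Out-Null

# --- Verification, run on a spoke VM once the rule is live ---
# Step 2 of the NCSI sequence: the probe body is the literal text "Microsoft Connect Test".
$probe = Invoke-WebRequest -Uri "http://www.msftconnecttest.com/connecttest.txt" -UseBasicParsing
if ($probe.StatusCode -eq 200 -and $probe.Content.Trim() -eq "Microsoft Connect Test") {
    "HTTP probe OK: the application rule is matching"
} else {
    "HTTP probe failed: look for a Deny on www.msftconnecttest.com in the firewall application rule logs"
}

# Steps 3-4: the DNS query is answered by the VNet's DNS server, so a failure here
# points at DNS configuration (e.g. custom DNS servers behind the firewall) rather
# than at a missing application rule.
$dns = Resolve-DnsName -Name "dns.msftncsi.com" -Type A -ErrorAction SilentlyContinue
if ($dns.IPAddress -contains "131.107.255.255") {
    "DNS probe OK"
} else {
    "DNS probe failed: resolver did not return 131.107.255.255"
}
```

After the rule is applied, re-running the verification on the VM should succeed on both probes and the NIC indicator should change to "Internet access" without opening anything beyond the probe FQDN.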