question

Senthilnath-1616 avatar image
0 Votes"
Senthilnath-1616 asked GitaraniSharmaMSFT-4262 answered

NSG Flow logs - IPs used while connecting to VM using Bastion service

Hello,
I use Azure Bastion service to connect my Azure VMs.
The NSG flow logs query lists a set of Outbound connections (Allowed) on the VMs IP address.
While tracing the public IP, they are from : Microsoft Azure, Akamai technologies, Netrouting, QUALYS.

Connecting to VMs using Bastion service use the above organizations IPs?

azure-bastionazure-network-watcher
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @Senthilnath-1616 ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Could you please share a screenshot or the list of Public IPs that are showing in your NSG flow logs?
In the mean time, I will check with the backend team to validate this scenario.

Thanks,
Gita

0 Votes 0 ·
Senthilnath-1616 avatar image Senthilnath-1616 GitaraniSharmaMSFT-4262 ·

Hello @GitaraniSharmaMSFT-4262

Below provided the list of IPs sorted by time.

Public IPs - FlowType
23.214.151.66 - ExternalPublic
13.107.5.88 - AzurePublic
13.69.106.208 - AzurePublic
52.143.80.209 - AzurePublic
13.107.4.50 - AzurePublic
154.59.121.74 - Externalpublic

Flow Direction - outbound
Flow status - Allowed
IsMalicious - False
Type - AzureNetworkAnalytics_CL
Source system - Azure

Thanks.

1 Vote 1 ·

1 Answer

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered

Hello @Senthilnath-1616 ,

Thank you for the information.

I checked with the backend team internally and they mentioned that at high level, Azure Bastion is a PaaS service and it does allow or connect to various services for its operations and security scan. These services can be deployed on Microsoft Azure or partner network which are needed for service function properly (simple example in this case would be DNS resolution using Akamai) but it would be difficult to validate without the deployment details.

Hence, if you need deeper investigation, the backend team suggested to open a support ticket with all the details and questions. So if you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.