Network Watchers - Verify IP Flow
Verify IP flow from the specified VM to a location given the currently configured NSG rules.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkWatchers/{networkWatcherName}/ipFlowVerify?api-version=2023-09-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
network
|
path | True |
string |
The name of the network watcher. |
resource
|
path | True |
string |
The name of the resource group. |
subscription
|
path | True |
string |
The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
api-version
|
query | True |
string |
Client API version. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
direction | True |
The direction of the packet represented as a 5-tuple. |
|
localIPAddress | True |
string |
The local IP address. Acceptable values are valid IPv4 addresses. |
localPort | True |
string |
The local port. Acceptable values are a single integer in the range (0-65535). Support for * for the source port, which depends on the direction. |
protocol | True |
Protocol to be verified on. |
|
remoteIPAddress | True |
string |
The remote IP address. Acceptable values are valid IPv4 addresses. |
remotePort | True |
string |
The remote port. Acceptable values are a single integer in the range (0-65535). Support for * for the source port, which depends on the direction. |
targetResourceId | True |
string |
The ID of the target resource to perform next-hop on. |
targetNicResourceId |
string |
The NIC ID. (If VM has multiple NICs and IP forwarding is enabled on any of them, then this parameter must be specified. Otherwise optional). |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Request successful. The operation returns the result of IP flow verification. |
|
202 Accepted |
Accepted and the operation will complete asynchronously. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Ip flow verify
Sample Request
POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/ipFlowVerify?api-version=2023-09-01
{
"targetResourceId": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1",
"direction": "Outbound",
"protocol": "TCP",
"localPort": "80",
"remotePort": "80",
"localIPAddress": "10.2.0.4",
"remoteIPAddress": "121.10.1.1"
}
Sample Response
{
"access": "Allow",
"ruleName": "Rule1"
}
Location: https:/management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/ipFlowVerify?api-version=2023-09-01
{
"access": "Allow",
"ruleName": "Rule1"
}
Definitions
Name | Description |
---|---|
Access |
Access to be allowed or denied. |
Direction |
The direction of the traffic. |
Error |
Common error details representation. |
Error |
The error object. |
Ip |
Protocol to be verified on. |
Verification |
Parameters that define the IP flow to be verified. |
Verification |
Results of IP flow verification on the target resource. |
Access
Access to be allowed or denied.
Name | Type | Description |
---|---|---|
Allow |
string |
|
Deny |
string |
Direction
The direction of the traffic.
Name | Type | Description |
---|---|---|
Inbound |
string |
|
Outbound |
string |
ErrorDetails
Common error details representation.
Name | Type | Description |
---|---|---|
code |
string |
Error code. |
message |
string |
Error message. |
target |
string |
Error target. |
ErrorResponse
The error object.
Name | Type | Description |
---|---|---|
error |
Error |
IpFlowProtocol
Protocol to be verified on.
Name | Type | Description |
---|---|---|
TCP |
string |
|
UDP |
string |
VerificationIPFlowParameters
Parameters that define the IP flow to be verified.
Name | Type | Description |
---|---|---|
direction |
The direction of the packet represented as a 5-tuple. |
|
localIPAddress |
string |
The local IP address. Acceptable values are valid IPv4 addresses. |
localPort |
string |
The local port. Acceptable values are a single integer in the range (0-65535). Support for * for the source port, which depends on the direction. |
protocol |
Protocol to be verified on. |
|
remoteIPAddress |
string |
The remote IP address. Acceptable values are valid IPv4 addresses. |
remotePort |
string |
The remote port. Acceptable values are a single integer in the range (0-65535). Support for * for the source port, which depends on the direction. |
targetNicResourceId |
string |
The NIC ID. (If VM has multiple NICs and IP forwarding is enabled on any of them, then this parameter must be specified. Otherwise optional). |
targetResourceId |
string |
The ID of the target resource to perform next-hop on. |
VerificationIPFlowResult
Results of IP flow verification on the target resource.
Name | Type | Description |
---|---|---|
access |
Indicates whether the traffic is allowed or denied. |
|
ruleName |
string |
Name of the rule. If input is not matched against any security rule, it is not displayed. |