tag:blogger.com,1999:blog-62687483129304921.post4817150262602486248..comments2024-03-28T13:13:53.318+01:00Comments on ADdict: Azure Quick Tip: Block or Allow ICMP using Network Security GroupsThomashttp://www.blogger.com/profile/12651864373303201993noreply@blogger.comBlogger10125tag:blogger.com,1999:blog-62687483129304921.post-38952026223597360802019-08-15T19:51:20.036+02:002019-08-15T19:51:20.036+02:00Yep, that's correct! Hah, as I look to this, a...Yep, that's correct! Hah, as I look to this, almost posted 4 years to to this date :)Thomashttps://www.blogger.com/profile/12651864373303201993noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-58556279407497266652019-08-15T13:37:44.347+02:002019-08-15T13:37:44.347+02:00Looks like ICMP is now an option when creating NSG...Looks like ICMP is now an option when creating NSG rules...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-60667107132161062992019-02-21T18:34:47.436+01:002019-02-21T18:34:47.436+01:00Nice Post!!!! Nice Post!!!! SQL Knowledgehttps://www.blogger.com/profile/05213028554698004703noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-32132308647102632762018-08-30T15:08:26.076+02:002018-08-30T15:08:26.076+02:00Fair point :) using the real command makes it look...Fair point :) using the real command makes it look like you can execute but indeed priority has to be below 4096Thomashttps://www.blogger.com/profile/12651864373303201993noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-72495858836489841012018-08-22T19:56:53.674+02:002018-08-22T19:56:53.674+02:00FYI
"The 40002 argument is greater than the ...FYI<br /><br />"The 40002 argument is greater than the <br />maximum allowed range of 4096. Supply an argument that is less than or equal to 4096 and then try the command again."Hugo Rodrigueshttps://www.blogger.com/profile/17947197022053235950noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-63404726935385973272018-06-27T15:54:36.812+02:002018-06-27T15:54:36.812+02:00You might also block traffic from Azure services l...You might also block traffic from Azure services like the load balancer with such a rule. You need to be very careful with such global rules.<br />Security groups in Azure still need a lot of improvements for better fine tuned rules.Marco Schirrmeisterhttps://www.blogger.com/profile/08400461767546824363noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-76335483218837953062017-02-14T22:46:03.600+01:002017-02-14T22:46:03.600+01:00Agreed that the NSG could definately be improved b...Agreed that the NSG could definately be improved by having the protocol number in there. And agree that my explanation is incomplete. When writing this I was aware of this in my reasoning. Maybe should have written it down. I'm not sure the underlaying stack does allow for those protocols to be used though.Thomashttps://www.blogger.com/profile/12651864373303201993noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-48456913092861914432017-02-14T03:08:11.864+01:002017-02-14T03:08:11.864+01:00Your logic is incomplete. There are many IP proto...Your logic is incomplete. There are many IP protocols other than ICMP, TCP, and UDP. For example, GRE and IPSEC (proto's AH and ESP). Azure's SG stinks for not allowing you to set the protocol by number like any basic network ACL would allow. So what you're rule ends up allowing is ICMP and every other IP protocols, http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.Alex Lhttps://www.blogger.com/profile/00903624316452551086noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-2166061834122885282016-11-10T18:38:16.020+01:002016-11-10T18:38:16.020+01:00Thanks Thomas, we are testing this next week for a...Thanks Thomas, we are testing this next week for a setup in Azure as we never found these information in the Microsoft Official Azure documentation or from the Support Engineers. Karthikhttp://www.theconsultit.com/noreply@blogger.comtag:blogger.com,1999:blog-62687483129304921.post-82769222559766129822016-02-26T04:10:41.388+01:002016-02-26T04:10:41.388+01:00Thanks, your post pointed me in the right directio...Thanks, your post pointed me in the right direction. I just had to update to the ARM commandsnbrowne1https://www.blogger.com/profile/13171027987802757196noreply@blogger.com