Just set up a new VM-100 device in Azure. SSL decryption and security policies are in place. My test client PC can browse the web, and all of the policies seem to work.
However, I cannot ping or tracert to any public website (e.g., www.apple.com). The DNS resolution works, I see that the ping traffic is allowed in the monitor tab, and I disabled SSL decryption as a test, but it still didn't work.
I'm sure that it's something simple, but does anyone have any ideas?
Hi @RamprakashRT, thanks for this.
I had actually just tried that before your post. I originally had a secondary IP address configured on the interface with a public IP address, but that didn't work. So, I scrapped that, and put the public IP address right on the interface. I can now ping, but tracert isn't working. Do I need to modify the NSG to allow all inbound internet traffic on the untrust interface?
I suspect the security policy in the firewall. Just to isolate, is it possible to create a plain firewall rule for the test machine by allowing all the traffic in the firewall? Also, untrust interface outbound NSG 'allow all' and trust interface inbound NSG 'allow all'.
I did some digging, and I think the issue is that Azure does not permit you to ping the default gateway in an Azure VNET. Check out this doc:
Adding the public IP to the interface, I can now ping public internet addresses. However, traceroute does not work, and by the looks of things, it is not supposed to work.
Thanks for the help.