AZ-104 Exam EP 51: Network Watcher

Introduction

This tutorial provides a step-by-step guide to using Azure Network Watcher, an essential tool for monitoring and diagnosing network issues in Azure environments. Understanding Network Watcher is crucial for Azure Administrators preparing for the AZ-104 exam, as it helps in maintaining network performance and security.

Step 1: Overview of Network Watcher

• Network Watcher is a regional service in Azure that allows you to monitor and diagnose network issues.
• It provides several tools and features to analyze network traffic and troubleshoot connectivity problems.
• Familiarize yourself with the key components of Network Watcher, as it is vital for effective network management.

Step 2: Using IP Flow Verify

• Go to the Network Watcher section in the Azure portal.
• Select the IP Flow Verify tool.
• Enter the following details:
  • Source IP address
  • Destination IP address
  • Protocol (TCP/UDP)
  • Source and destination ports
• Click on "Check" to verify if the traffic is allowed or denied based on the security rules.
• Tip: Use this feature to quickly determine if a connection is blocked.

Step 3: Checking Next Hop

• Navigate to the Next Hop tool within Network Watcher.
• Input the source IP address and destination IP address.
• Analyze the output to identify the next hop for the traffic.
• Common Pitfall: Ensure you are checking the correct virtual network and subnet configurations.

Step 4: Effective Security Rules

• Select the Effective Security Rules option in Network Watcher.
• Provide the network interface for which you want to view the rules.
• Review the effective security rules applied to the network interface.
• Tip: This helps ensure that your security configurations are correctly set and functioning as intended.

Step 5: Troubleshooting VPN Connections

• Access the VPN Troubleshoot feature.
• Enter the relevant parameters such as the VPN gateway and the desired connection.
• Review the diagnostics to identify any issues with the VPN setup.
• Common Issue: Check for mismatched configurations between the on-premises and Azure VPN settings.

Step 6: Packet Capture

• Go to the Packet Capture tool in Network Watcher.
• Specify the target virtual machine and configure the capture parameters.
• Start the packet capture and then download the results for analysis.
• Tip: Use packet capture to troubleshoot application-level problems by analyzing the traffic.

Step 7: Connection Troubleshoot

• Use the Connection Troubleshoot tool to diagnose connectivity issues.
• Input the source and destination IP addresses and the protocol.
• Analyze the results to understand any connectivity problems.
• Common Pitfall: Ensure you have the necessary permissions to perform this troubleshooting.

Step 8: NSG Flow Logs

• Enable NSG Flow Logs in the Network Watcher settings.
• Specify the storage account where the logs will be stored.
• Review the logs to monitor traffic flow and understand security rule impacts.
• Tip: Use NSG Flow Logs for auditing and compliance purposes.

Step 9: Monitoring Topology

• Access the Topology feature to visualize your network architecture.
• This view helps you understand the relationships between network resources.
• Use the topology diagram to identify potential issues or optimizations.
• Common Issue: Ensure all network components are correctly configured for accurate representation.

Conclusion

Through this tutorial, you have learned how to effectively utilize Azure Network Watcher for network monitoring and troubleshooting. Key features such as IP Flow Verify, Next Hop, and NSG Flow Logs are essential tools in maintaining a healthy Azure network. As the next step, consider practicing these tools in a test environment to solidify your understanding and readiness for the AZ-104 exam. Happy learning!