Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, July 19, 2012 10:55 PM
I'd like to use outbound Ping and Traceroute on an Azure VM. These are outbound requests to another server outside of Azure.
Is the Azure firewall blocking outbound ICMP traffic so that Ping is completely blocked?
Can someone please confirm that there is no way for me to Ping another server from a Windows Azure VM?
All replies (8)
Friday, July 20, 2012 10:47 AM ✅Answered | 1 vote
Hi Shannon,
Ping, tracert are disabled in Windows Azure. If you are using cloud services, then you can use Windows Azure connect to group on-premise machines with cloud services and ping between on-premise , cloud service VMs.
Thanks,
Hari
Sunday, July 22, 2012 4:00 AM ✅Answered | 1 vote
Hi Shannon,
Instead of using ping, you can use Psping (or nmap/tcping/portqry/telnet etc.) to test connectivity to a specific port.
For example, if the public port of my RDP endpoint is 50791 -
C:\psping cljun27ws12.cloudapp.net:50791
PsPing v1.0 - ping, latency, bandwidth measurement utility
Copyright (C) 2012 Mark Russinovich
Sysinternals - www.sysinternals.com
TCP connect to 137.117.73.209:50791:
5 iterations (warmup 1) connecting test:
Connecting to 137.117.73.209:50791 (warmup): 87.26ms
Connecting to 137.117.73.209:50791: 81.35ms
Connecting to 137.117.73.209:50791: 89.43ms
Connecting to 137.117.73.209:50791: 82.92ms
Connecting to 137.117.73.209:50791: 84.83ms
TCP connect statistics for 137.117.73.209:50791:
Sent = 4, Received = 4, Lost = 0 (0% loss),
Minimum = 81.35ms, Maxiumum = 89.43ms, Average = 84.63ms
And while ICMP is blocked externally, if the guest OS firewall in the VM is configured to allow ICMP, you can ping between VMs in the same cloud service or virtual network.
And as Hari mentioned, you can ping between on-premise and a VM if the connectivity is happening with Azure Connect, or with a Virtual Network Gateway.
Thanks,
Craig
Thursday, February 28, 2013 8:11 AM | 3 votes
I think the important question here is why is outbound ICMP blocked?
Azure is an IP service, and for some reason Microsoft feels ICMP is not important? I think they should once again read rfc792.
Friday, June 28, 2013 6:08 PM | 1 vote
I agree. Tracert and ping are important network diagnostic tools. I am having problems with outbound connections now and cannot troubleshoot the problem because ICMP outbound is blocked.
Shan McArthur www.shanmcarthur.net Check out the commercial edition of xRM portals @ www.adxstudio.com
Monday, July 1, 2013 2:47 PM | 2 votes
You can vote up this idea to help show customer demand for ICMP support through the external IP.
Thanks,
Craig
Wednesday, October 23, 2013 11:00 AM
Is there a published list of opened outbound ports available? What are the list of ports my VM can talk outside except icmp?
Friday, April 17, 2015 8:32 AM
There is a section called End pints in azure portal you can see all the open ports there.
Saturday, January 16, 2016 12:12 AM
Update to this question, Outbound Ping is available now after setting a Instance Level Public IP (ILPIP) on Azure VM.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-instance-level-public-ip/