How can I enable Ping on an Azure Linux VM

Azure blocks by default ICMP traffic using Network Security groups. To enable you need to create a special rule allowing. For security reasons Azure not allow ICMP from internet

Some examples about how to do:

http://setspn.blogspot.com.es/2015/08/azure-quick-tip-block-or-allow-icmp.html

http://www.theconsultit.com/blog/2016/11/10/how-to-configure-azure-network-security-group-nsg-rule-for-icmp-traffic/


  • Ping external address from Azure VM - does not work as Azure does not permit outbound ICMP

  • Ping Azure VM from external address - does not work as Azure does not permit inbound ICMP

  • Ping between Azure VMs using internal IP (DIP) - works, but guest OS firewall must be configured to allow it as by default ICMP is blocked by the guest.

  • Ping between Azure VM and on-premises through Azure Connect (point-to-point IPSec VPN tunnel) or Virtual Network Gateway (site-to-site IPSec VPN tunnel) - works, but guest OS firewall must be configured to allow it as by default ICMP is blocked by the guest.

As an alternative to ping with ICMP, you can verify connectivity by trying to reach a specific TCP port with tools such as TCPing, PortQuery, or NMap. Those will working inbound to an Azure VM as long as you have opened an endpoint for the port you are trying to reach, and the guest firewall allows it and something is listening on that port. For Azure Connect and Virtual Network Gateways you don't need the endpoints because you are communicating through a VPN tunnel, but the guest firewall would still need to allow the port you are testing, and something needs to be listening on that port.

  • Credit to Craig Landis answer

Tags:

Linux

Ping

Azure

Recent Posts