You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/design-solutions-network-security/includes/4-design-solutions-network-posture-management.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -62,7 +62,7 @@ Network verifier is useful during both the design and post-deployment phases of
62
62
63
63
## Validate posture with Network Watcher diagnostics
64
64
65
-
Azure Network Watcher provides diagnostic tools that help you verify your network configurations match your intended design. While the next unit covers network monitoring in depth, several Network Watcher capabilities are especially relevant for posture validation:
65
+
Azure Network Watcher provides a suite of monitoring, diagnostic, and traffic analysis tools for Azure IaaS network resources. Network Watcher diagnostics capabilities are especially relevant for posture validation (Azure Network Watcher tools that support network monitoring and traffic analysis are covered in the next unit).
66
66
67
67
-**IP flow verify** and **NSG diagnostics** check whether specific traffic is allowed or denied by evaluating the effective security rules at the VM or subnet level. Use these tools to confirm that your NSG configurations enforce the traffic-filtering policies you designed, without waiting for actual traffic to trigger a flow log entry.
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/design-solutions-network-security/includes/5-design-solutions-network-monitoring.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@ Effective network monitoring gives you continuous visibility into the traffic fl
2
2
3
3
## Capture traffic data with virtual network flow logs
4
4
5
-
Virtual network flow logs are the foundation of network traffic monitoring in Azure. They record metadata about every IP flow entering and leaving a virtual network, including source and destination addresses, ports, protocol, traffic direction, and whether the flow was allowed or denied. Flow logs operate at Layer 4 and are collected at one-minute intervals without affecting your resources or network performance.
5
+
Virtual network flow logs are a Network Watcher traffic capability and the foundation of network traffic monitoring in Azure. They record metadata about every IP flow entering and leaving a virtual network, including source and destination addresses, ports, protocol, traffic direction, and whether the flow was allowed or denied. Flow logs operate at Layer 4 and are collected at one-minute intervals without affecting your resources or network performance.
6
6
7
7
Virtual network flow logs offer several advantages over the older network security group (NSG) flow logs:
8
8
@@ -26,7 +26,7 @@ When you design your flow log strategy, consider the following factors:
26
26
27
27
## Analyze traffic patterns with Traffic Analytics
28
28
29
-
Raw flow logs produce large volumes of data that are difficult to interpret on their own. Traffic Analytics processes flow log data to produce actionable insights about your network traffic.
29
+
Raw flow logs produce large volumes of data that are difficult to interpret on their own. Traffic Analytics, another Network Watcher traffic capability, processes flow log data to produce actionable insights about your network traffic.
30
30
31
31
Traffic Analytics aggregates raw flows, reduces the data volume by combining flows with common attributes, and enriches each record with geographic, security, and topology information. It stores the processed data in a Log Analytics workspace, where you can query it with Kusto Query Language (KQL) or view it through a built-in dashboard.
32
32
@@ -41,7 +41,7 @@ To use Traffic Analytics, you need virtual network flow logs (or NSG flow logs f
41
41
42
42
## Monitor connectivity with Connection Monitor
43
43
44
-
While flow logs capture what traffic is flowing, Connection Monitor tests whether traffic *can* flow. It provides continuous, end-to-end connectivity monitoring between Azure VMs, virtual machine scale sets, on-premises hosts (through Azure Arc), and external endpoints such as URLs or IP addresses.
44
+
Connection Monitor is a Network Watcher monitoring capability that tests whether traffic *can* flow between endpoints. While flow logs capture what traffic is flowing, Connection Monitor provides continuous, end-to-end connectivity monitoring between Azure VMs, virtual machine scale sets, on-premises hosts (through Azure Arc), and external endpoints such as URLs or IP addresses.
45
45
46
46
Connection Monitor measures packet loss, latency, and round-trip time using TCP, ICMP, and HTTP probes. It visualizes the end-to-end network path including hop-by-hop performance, helping you identify where connectivity degrades.
0 commit comments