Hello @Wongue Kim ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like to know if it is possible to block ICMP timestamp type protocol only at the Azure NSG level.
Azure NSG rules are evaluated and applied based on the five-tuple (source, source port, destination, destination port, and protocol) information.
Initially Azure NSGs didn't support ICMP protocol but starting 29th July 2019, ICMP protocol is supported in NSG rules, however, it is for the whole ICMP protocol. You cannot selectively allow only certain type of traffic.
https://azure.microsoft.com/en-in/updates/network-security-group-improvements-now-available/
So, you can create a NSG to block ICMP protocol as a whole, but you cannot specify the type of traffic.
To block ICMP protocol, you can create a NSG rule as below:
- Sign into the Azure portal.
- Navigate to the resource group containing your NSG.
- Locate and select the NSG that you want to modify.
- In the NSG overview pane, click on "Inbound security rules" under "Settings".
- Click on the "Add" button to create a new inbound security rule.
- Provide a name for the rule, such as "Block ICMP".
- Set the "Source" and "Destination" fields to match your specific requirements (e.g., source IP, destination IP, etc.).
- Set the "Protocol" to "Any" or "ICMP".
- In the "Source port ranges" and "Destination port ranges" fields, leave them blank to cover all ports.
- Set the "Action" to "Deny".
- Click on the "Add" button to create the rule.
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.