Regarding Network Insights & Metrics for Azure

Ananya Sarkar 311 Reputation points
2020-12-05T17:03:31.187+00:00

Hi, I am trying to get the information regarding the Network Insights & Metrics for Azure. How to query the cloud environment for key network health & governance data points for the below points?

a. Azure NSGs or Azure Firewall without a specific tag
b. Azure Monitor / Traffic Analytics traffic insights
c. FW Health – SNAT port utilization (Network Watcher)

It will be really helpful if i get this information and some use cases to validate them.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
578 questions
Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
159 questions
0 comments
Accepted answer
  1. suvasara-MSFT 10,011 Reputation points
    2020-12-07T12:37:51.267+00:00

    @Ananya Sarkar ,

    a. Azure NSGs or Azure Firewall without a specific tag

    You should be able to get the resource list using the below mentioned PowerShell commands, 

     Get-AzResource | Where-Object Tags -eq $null | Select-Object -Property Name, ResourceType

    b. Azure Monitor / Traffic Analytics traffic insights

    Azure monitor offers following solutions for monitoring on your network,

    1.Network Performance Monitor (NPM) to
    Monitor the health of your network

    2.Azure Application Gateway analytics to review

    Azure Application Gateway logs
    Azure Application Gateway metrics

    3.Solutions to monitor and audit network activity on your cloud network

    Traffic Analytics
    Azure Network Security Group Analytics

    I have enabled Traffic Analytics on one of my NSG attached to a VM. Here are the metrics recorded for your reference.

    45706-image.png

    45803-image.png

    You can even use queries to filter or extract data from log analytics workspace, 

     NetworkSecuritygroups    AzureDiagnostics | where ResourceType=="NETWORKSECURITYGROUPS"

    Ref Doc: Azure networking monitoring solutions in Azure Monitor

    c. FW Health – SNAT port utilization (Network Watcher)

    Here is an FAQ that explains about how to check SNAT port usage and allocation.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ananya Sarkar 311 Reputation points
    2020-12-06T15:14:20.827+00:00

    @suvasara-MSFT , can you plz help on this?

    0 comments
  2. Ananya Sarkar 311 Reputation points
    2020-12-07T16:33:34.21+00:00

    Thanks @suvasara-MSFT for the response.
    what is the powershell command to get the NSG and Firewall resource list with or without a specific tag?

    Is it possible to run a query in log analytics workspace or in traffic analytics to retrieve metrics about network health & governance data points, for Azure NSGs or Azure Firewall without a specific tag?

    Can we enable traffic analytics for firewall also like to visualize the mvtrics, can you plz provide some docs on this how to setup?