Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
570 questions
Might check that ICMP is allowed through the firewall profile currently in use.
Spoke to onprem connection
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 5%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Jean-Claude Kalunga
21
Reputation points
Hi All,
I just deployed this ARM template from Microsoft.
- I created a rule on the firewall to allow ping from on-prem VM to the spoke VM as follows:
name: allowping protocol: ICMP: Source Addresses: 192.168.1.128/25,10.100.0.0/16 destination addresses: 10.100.0.0/16,192.168.1.128/25 Desitnation ports: 1
I can ping from on-prem to the spoke but a ping from spoke to on-prem fails, any idea why? how do I make it work?
{count} votes
-
Jean-Claude Kalunga 21 Reputation points
2022-06-22T19:07:55.513+00:00 forgot to post the link for the ARM. Template. here it is.
Sign in to comment
2 answers
Sort by: Most helpful
-
Dave Patrick 426.1K Reputation points MVP2022-06-22T19:13:22.687+00:00 -
Jean-Claude Kalunga 21 Reputation points
2022-06-22T20:21:20.673+00:00 Hi DSPatrik, I checked the inbound rules both sides are they are allowed.
Sign in to comment -
-
Dave Patrick 426.1K Reputation points MVP
2022-06-22T20:34:49.227+00:00 Can you successfully ping it from other public locations? Is the device public facing? If not you may need to check the routing (or NAT) device is setup to allow the round trip ICMP echo.
--please don't forget to
upvoteandAccept as answerif the reply is helpful--