Hello, @Kytan !
How do I enable ping (ICMP echo) on an Azure VM?
These are steps taken from a blog by Microsoft's Thomas Maurer (steps have been reproduced and truncated):
https://www.thomasmaurer.ch/2019/09/how-to-enable-ping-icmp-echo-on-an-azure-vm
Note:
Assigning a public IP address to a virtual machine is a security risk so if you choose to do this, make sure you are comfortable in addressing and mitigating that risk. Azure Just-in-Time VM Access (JIT) and Azure Bastion are two features worth looking at for limiting exposure.
Blocked by default
Azure blocks and denies all inbound public traffic by default, including ICMP traffic. This is good as it improves security by reducing the attack surface. We'll need to allow specific ports and protocols in order to ping our VM.
Step 1: Configure the Network Security Group (NSG) to allow ICMP traffic
In the portal, you'll need to add a new inbound port rule to allow ICMP:
- In your VM resource, go to Settings > Networking and click on Add inbound port rule (see previous screenshot)
- Set Protocol to ICMP
- Make sure your priority is set low enough to override any rules that may block access
- Click on Add
Alternatively, you can use PowerShell:
Get-AzNetworkSecurityGroup -Name "AzureVM-WIN01-nsg" | Add-AzNetworkSecurityRuleConfig -Name ICMP-Ping -Description "Allow Ping" -Access Allow -Protocol ICMP -Direction Inbound -Priority 100 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange * | Set-AzNetworkSecurityGroup
Step 2: Set up the operating system to answer Ping/ICMP echo requests
The operating system will need to be configured to allow ICMP traffic as well. This is disabled by default on Windows Server and will require that you configure Windows Firewall to enable on of the following:
- IPv4: File and Printer Sharing (Echo Request – ICMPv4-In)
- IPv6: File and Printer Sharing (Echo Request – ICMPv6-In)
Alternatively, you can run one of the following commands:
- IPv4:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow
- IPv6:
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:8,any" dir=in action=allow
Ready to ping!
After completing both steps, you should be able to ping your Azure Virtual Machine using a public IP address.