Network Watchers - Get Network Configuration Diagnostic

Reference

Service:: Network Watcher

API Version:: 2023-09-01

Gets Network Configuration Diagnostic data to help customers understand and debug network behavior. It provides detailed information on what security rules were applied to a specified traffic flow and the result of evaluating these rules. Customers must provide details of a flow like source, destination, protocol, etc. The API returns whether traffic was allowed or denied, the rules evaluated for the specified flow and the evaluation results.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkWatchers/{networkWatcherName}/networkConfigurationDiagnostic?api-version=2023-09-01

URI Parameters

Name	In	Required	Type	Description
networkWatcherName	path	True	string	The name of the network watcher.
resourceGroupName	path	True	string	The name of the resource group.
subscriptionId	path	True	string	The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
api-version	query	True	string	Client API version.

Request Body

Name	Required	Type	Description
profiles	True	NetworkConfigurationDiagnosticProfile[]	List of network configuration diagnostic profiles.
targetResourceId	True	string	The ID of the target resource to perform network configuration diagnostic. Valid options are VM, NetworkInterface, VMSS/NetworkInterface and Application Gateway.
verbosityLevel		VerbosityLevel	Verbosity level.

Responses

Name	Type	Description
200 OK	NetworkConfigurationDiagnosticResponse	Request successful. The operation returns the result of network configuration diagnostic.
202 Accepted	NetworkConfigurationDiagnosticResponse	Accepted and the operation will complete asynchronously.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Network configuration diagnostic

Sample Request

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/networkConfigurationDiagnostic?api-version=2023-09-01

{
  "targetResourceId": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1",
  "profiles": [
    {
      "direction": "Inbound",
      "protocol": "TCP",
      "source": "10.1.0.4",
      "destination": "12.11.12.14",
      "destinationPort": "12100"
    }
  ]
}


import com.azure.resourcemanager.network.models.Direction;
import com.azure.resourcemanager.network.models.NetworkConfigurationDiagnosticParameters;
import com.azure.resourcemanager.network.models.NetworkConfigurationDiagnosticProfile;
import java.util.Arrays;

/**
 * Samples for NetworkWatchers GetNetworkConfigurationDiagnostic.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * NetworkWatcherNetworkConfigurationDiagnostic.json
     */
    /**
     * Sample code: Network configuration diagnostic.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void networkConfigurationDiagnostic(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getNetworkWatchers().getNetworkConfigurationDiagnostic("rg1", "nw1",
            new NetworkConfigurationDiagnosticParameters()
                .withTargetResourceId(
                    "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1")
                .withProfiles(Arrays.asList(
                    new NetworkConfigurationDiagnosticProfile().withDirection(Direction.INBOUND).withProtocol("TCP")
                        .withSource("10.1.0.4").withDestination("12.11.12.14").withDestinationPort("12100"))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python network_watcher_network_configuration_diagnostic.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.network_watchers.begin_get_network_configuration_diagnostic(
        resource_group_name="rg1",
        network_watcher_name="nw1",
        parameters={
            "profiles": [
                {
                    "destination": "12.11.12.14",
                    "destinationPort": "12100",
                    "direction": "Inbound",
                    "protocol": "TCP",
                    "source": "10.1.0.4",
                }
            ],
            "targetResourceId": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1",
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkWatcherNetworkConfigurationDiagnostic.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkWatcherNetworkConfigurationDiagnostic.json
func ExampleWatchersClient_BeginGetNetworkConfigurationDiagnostic() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewWatchersClient().BeginGetNetworkConfigurationDiagnostic(ctx, "rg1", "nw1", armnetwork.ConfigurationDiagnosticParameters{
		Profiles: []*armnetwork.ConfigurationDiagnosticProfile{
			{
				Destination:     to.Ptr("12.11.12.14"),
				DestinationPort: to.Ptr("12100"),
				Direction:       to.Ptr(armnetwork.DirectionInbound),
				Source:          to.Ptr("10.1.0.4"),
				Protocol:        to.Ptr("TCP"),
			}},
		TargetResourceID: to.Ptr("/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1"),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ConfigurationDiagnosticResponse = armnetwork.ConfigurationDiagnosticResponse{
	// 	Results: []*armnetwork.ConfigurationDiagnosticResult{
	// 		{
	// 			NetworkSecurityGroupResult: &armnetwork.SecurityGroupResult{
	// 				EvaluatedNetworkSecurityGroups: []*armnetwork.EvaluatedNetworkSecurityGroup{
	// 					{
	// 						AppliedTo: to.Ptr("/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet/subnets/AppSubnet"),
	// 						MatchedRule: &armnetwork.MatchedRule{
	// 							Action: to.Ptr("Allow"),
	// 							RuleName: to.Ptr("UserRule_fe_rule"),
	// 						},
	// 						NetworkSecurityGroupID: to.Ptr("/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/networkSecurityGroups/nsg1"),
	// 						RulesEvaluationResult: []*armnetwork.SecurityRulesEvaluationResult{
	// 							{
	// 								Name: to.Ptr("UserRule_Cleanuptool-Allow-100"),
	// 								DestinationMatched: to.Ptr(true),
	// 								DestinationPortMatched: to.Ptr(false),
	// 								ProtocolMatched: to.Ptr(true),
	// 								SourceMatched: to.Ptr(false),
	// 								SourcePortMatched: to.Ptr(true),
	// 							},
	// 							{
	// 								Name: to.Ptr("UserRule_Cleanuptool-Allow-101"),
	// 								DestinationMatched: to.Ptr(true),
	// 								DestinationPortMatched: to.Ptr(false),
	// 								ProtocolMatched: to.Ptr(true),
	// 								SourceMatched: to.Ptr(true),
	// 								SourcePortMatched: to.Ptr(true),
	// 							},
	// 							{
	// 								Name: to.Ptr("UserRule_Cleanuptool-Allow-102"),
	// 								DestinationMatched: to.Ptr(true),
	// 								DestinationPortMatched: to.Ptr(false),
	// 								ProtocolMatched: to.Ptr(true),
	// 								SourceMatched: to.Ptr(false),
	// 								SourcePortMatched: to.Ptr(true),
	// 							},
	// 							{
	// 								Name: to.Ptr("UserRule_Cleanuptool-Deny-103"),
	// 								DestinationMatched: to.Ptr(true),
	// 								DestinationPortMatched: to.Ptr(false),
	// 								ProtocolMatched: to.Ptr(true),
	// 								SourceMatched: to.Ptr(true),
	// 								SourcePortMatched: to.Ptr(true),
	// 							},
	// 							{
	// 								Name: to.Ptr("UserRule_fe_rule"),
	// 								DestinationMatched: to.Ptr(true),
	// 								DestinationPortMatched: to.Ptr(true),
	// 								ProtocolMatched: to.Ptr(true),
	// 								SourceMatched: to.Ptr(true),
	// 								SourcePortMatched: to.Ptr(true),
	// 						}},
	// 					},
	// 					{
	// 						AppliedTo: to.Ptr("/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet/networkInterfaces/nic"),
	// 						MatchedRule: &armnetwork.MatchedRule{
	// 							Action: to.Ptr("Allow"),
	// 							RuleName: to.Ptr("UserRule_fe_rule"),
	// 						},
	// 						NetworkSecurityGroupID: to.Ptr("/subscriptions/61cc8a98-a8be-4bfe-a04e-0b461f93fe35/resourceGroups/NwRgCentralUSEUAP_copy/providers/Microsoft.Network/networkSecurityGroups/AppNSG"),
	// 						RulesEvaluationResult: []*armnetwork.SecurityRulesEvaluationResult{
	// 							{
	// 								Name: to.Ptr("UserRule_fe_rule"),
	// 								DestinationMatched: to.Ptr(true),
	// 								DestinationPortMatched: to.Ptr(true),
	// 								ProtocolMatched: to.Ptr(true),
	// 								SourceMatched: to.Ptr(true),
	// 								SourcePortMatched: to.Ptr(true),
	// 						}},
	// 				}},
	// 				SecurityRuleAccessResult: to.Ptr(armnetwork.SecurityRuleAccessAllow),
	// 			},
	// 			Profile: &armnetwork.ConfigurationDiagnosticProfile{
	// 				Destination: to.Ptr("12.11.12.14"),
	// 				DestinationPort: to.Ptr("12100"),
	// 				Direction: to.Ptr(armnetwork.DirectionInbound),
	// 				Source: to.Ptr("10.1.0.4"),
	// 				Protocol: to.Ptr("TCP"),
	// 			},
	// 	}},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets Network Configuration Diagnostic data to help customers understand and debug network behavior. It provides detailed information on what security rules were applied to a specified traffic flow and the result of evaluating these rules. Customers must provide details of a flow like source, destination, protocol, etc. The API returns whether traffic was allowed or denied, the rules evaluated for the specified flow and the evaluation results.
 *
 * @summary Gets Network Configuration Diagnostic data to help customers understand and debug network behavior. It provides detailed information on what security rules were applied to a specified traffic flow and the result of evaluating these rules. Customers must provide details of a flow like source, destination, protocol, etc. The API returns whether traffic was allowed or denied, the rules evaluated for the specified flow and the evaluation results.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkWatcherNetworkConfigurationDiagnostic.json
 */
async function networkConfigurationDiagnostic() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkWatcherName = "nw1";
  const parameters = {
    profiles: [
      {
        destination: "12.11.12.14",
        destinationPort: "12100",
        direction: "Inbound",
        source: "10.1.0.4",
        protocol: "TCP",
      },
    ],
    targetResourceId:
      "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkWatchers.beginGetNetworkConfigurationDiagnosticAndWait(
    resourceGroupName,
    networkWatcherName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/NetworkWatcherNetworkConfigurationDiagnostic.json
// this example is just showing the usage of "NetworkWatchers_GetNetworkConfigurationDiagnostic" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetworkWatcherResource created on azure
// for more information of creating NetworkWatcherResource, please refer to the document of NetworkWatcherResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string networkWatcherName = "nw1";
ResourceIdentifier networkWatcherResourceId = NetworkWatcherResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkWatcherName);
NetworkWatcherResource networkWatcher = client.GetNetworkWatcherResource(networkWatcherResourceId);

// invoke the operation
NetworkConfigurationDiagnosticContent content = new NetworkConfigurationDiagnosticContent(new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Compute/virtualMachines/vm1"), new NetworkConfigurationDiagnosticProfile[]
{
new NetworkConfigurationDiagnosticProfile(NetworkTrafficDirection.Inbound,"TCP","10.1.0.4","12.11.12.14","12100")
});
ArmOperation<NetworkConfigurationDiagnosticResponse> lro = await networkWatcher.GetNetworkConfigurationDiagnosticAsync(WaitUntil.Completed, content);
NetworkConfigurationDiagnosticResponse result = lro.Value;

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "results": [
    {
      "profile": {
        "direction": "Inbound",
        "protocol": "TCP",
        "source": "10.1.0.4",
        "destination": "12.11.12.14",
        "destinationPort": "12100"
      },
      "networkSecurityGroupResult": {
        "securityRuleAccessResult": "Allow",
        "evaluatedNetworkSecurityGroups": [
          {
            "networkSecurityGroupId": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/networkSecurityGroups/nsg1",
            "appliedTo": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet/subnets/AppSubnet",
            "matchedRule": {
              "ruleName": "UserRule_fe_rule",
              "action": "Allow"
            },
            "rulesEvaluationResult": [
              {
                "name": "UserRule_Cleanuptool-Allow-100",
                "protocolMatched": true,
                "sourceMatched": false,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_Cleanuptool-Allow-101",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_Cleanuptool-Allow-102",
                "protocolMatched": true,
                "sourceMatched": false,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_Cleanuptool-Deny-103",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_fe_rule",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": true
              }
            ]
          },
          {
            "networkSecurityGroupId": "/subscriptions/61cc8a98-a8be-4bfe-a04e-0b461f93fe35/resourceGroups/NwRgCentralUSEUAP_copy/providers/Microsoft.Network/networkSecurityGroups/AppNSG",
            "appliedTo": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet/networkInterfaces/nic",
            "matchedRule": {
              "ruleName": "UserRule_fe_rule",
              "action": "Allow"
            },
            "rulesEvaluationResult": [
              {
                "name": "UserRule_fe_rule",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": true
              }
            ]
          }
        ]
      }
    }
  ]
}

Status code:: 202

Location: https:/management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/networkWatchers/nw1/networkConfigurationDiagnostic?api-version=2023-09-01

Response Body

{
  "results": [
    {
      "profile": {
        "direction": "Inbound",
        "protocol": "TCP",
        "source": "10.1.0.4",
        "destination": "12.11.12.14",
        "destinationPort": "12100"
      },
      "networkSecurityGroupResult": {
        "securityRuleAccessResult": "Allow",
        "evaluatedNetworkSecurityGroups": [
          {
            "networkSecurityGroupId": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/networkSecurityGroups/nsg1",
            "appliedTo": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet/subnets/AppSubnet",
            "matchedRule": {
              "ruleName": "UserRule_fe_rule",
              "action": "Allow"
            },
            "rulesEvaluationResult": [
              {
                "name": "UserRule_Cleanuptool-Allow-100",
                "protocolMatched": true,
                "sourceMatched": false,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_Cleanuptool-Allow-101",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_Cleanuptool-Allow-102",
                "protocolMatched": true,
                "sourceMatched": false,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_Cleanuptool-Deny-103",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": false
              },
              {
                "name": "UserRule_fe_rule",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": true
              }
            ]
          },
          {
            "networkSecurityGroupId": "/subscriptions/61cc8a98-a8be-4bfe-a04e-0b461f93fe35/resourceGroups/NwRgCentralUSEUAP_copy/providers/Microsoft.Network/networkSecurityGroups/AppNSG",
            "appliedTo": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet/networkInterfaces/nic",
            "matchedRule": {
              "ruleName": "UserRule_fe_rule",
              "action": "Allow"
            },
            "rulesEvaluationResult": [
              {
                "name": "UserRule_fe_rule",
                "protocolMatched": true,
                "sourceMatched": true,
                "sourcePortMatched": true,
                "destinationMatched": true,
                "destinationPortMatched": true
              }
            ]
          }
        ]
      }
    }
  ]
}

Definitions

Name	Description
Direction	The direction of the traffic.
ErrorDetails	Common error details representation.
ErrorResponse	The error object.
EvaluatedNetworkSecurityGroup	Results of network security group evaluation.
MatchedRule	Matched rule.
NetworkConfigurationDiagnosticParameters	Parameters to get network configuration diagnostic.
NetworkConfigurationDiagnosticProfile	Parameters to compare with network configuration.
NetworkConfigurationDiagnosticResponse	Results of network configuration diagnostic on the target resource.
NetworkConfigurationDiagnosticResult	Network configuration diagnostic result corresponded to provided traffic query.
NetworkSecurityGroupResult	Network configuration diagnostic result corresponded provided traffic query.
NetworkSecurityRulesEvaluationResult	Network security rules evaluation result.
SecurityRuleAccess	Whether network traffic is allowed or denied.
VerbosityLevel	Verbosity level.

Direction

The direction of the traffic.

Name	Type	Description
Inbound	string
Outbound	string

ErrorDetails

Common error details representation.

Name	Type	Description
code	string	Error code.
message	string	Error message.
target	string	Error target.

ErrorResponse

The error object.

Name	Type	Description
error	ErrorDetails	Error The error details object.

EvaluatedNetworkSecurityGroup

Results of network security group evaluation.

Name	Type	Description
appliedTo	string	Resource ID of nic or subnet to which network security group is applied.
matchedRule	MatchedRule	Matched network security rule.
networkSecurityGroupId	string	Network security group ID.
rulesEvaluationResult	NetworkSecurityRulesEvaluationResult[]	List of network security rules evaluation results.

MatchedRule

Matched rule.

Name	Type	Description
action	string	The network traffic is allowed or denied. Possible values are 'Allow' and 'Deny'.
ruleName	string	Name of the matched network security rule.

NetworkConfigurationDiagnosticParameters

Parameters to get network configuration diagnostic.

Name	Type	Description
profiles	NetworkConfigurationDiagnosticProfile[]	List of network configuration diagnostic profiles.
targetResourceId	string	The ID of the target resource to perform network configuration diagnostic. Valid options are VM, NetworkInterface, VMSS/NetworkInterface and Application Gateway.
verbosityLevel	VerbosityLevel	Verbosity level.

NetworkConfigurationDiagnosticProfile

Parameters to compare with network configuration.

Name	Type	Description
destination	string	Traffic destination. Accepted values are: '*', IP Address/CIDR, Service Tag.
destinationPort	string	Traffic destination port. Accepted values are '*' and a single port in the range (0 - 65535).
direction	Direction	The direction of the traffic.
protocol	string	Protocol to be verified on. Accepted values are '*', TCP, UDP.
source	string	Traffic source. Accepted values are '*', IP Address/CIDR, Service Tag.

NetworkConfigurationDiagnosticResponse

Results of network configuration diagnostic on the target resource.

Name	Type	Description
results	NetworkConfigurationDiagnosticResult[]	List of network configuration diagnostic results.

NetworkConfigurationDiagnosticResult

Network configuration diagnostic result corresponded to provided traffic query.

Name	Type	Description
networkSecurityGroupResult	NetworkSecurityGroupResult	Network security group result.
profile	NetworkConfigurationDiagnosticProfile	Network configuration diagnostic profile.

NetworkSecurityGroupResult

Network configuration diagnostic result corresponded provided traffic query.

Name	Type	Description
evaluatedNetworkSecurityGroups	EvaluatedNetworkSecurityGroup[]	List of results network security groups diagnostic.
securityRuleAccessResult	SecurityRuleAccess	The network traffic is allowed or denied.

NetworkSecurityRulesEvaluationResult

Network security rules evaluation result.

Name	Type	Description
destinationMatched	boolean	Value indicating whether destination is matched.
destinationPortMatched	boolean	Value indicating whether destination port is matched.
name	string	Name of the network security rule.
protocolMatched	boolean	Value indicating whether protocol is matched.
sourceMatched	boolean	Value indicating whether source is matched.
sourcePortMatched	boolean	Value indicating whether source port is matched.

SecurityRuleAccess

Whether network traffic is allowed or denied.

Name	Type	Description
Allow	string
Deny	string

VerbosityLevel

Verbosity level.

Name	Type	Description
Full	string
Minimum	string
Normal	string