Azure Network Watcher

  • regional service (1 per region per subscription)
  • provides tools to do network related troubleshooting

Network Watcher provides three types of tools

Monitoring

Topology

  • for viewing the entire network configuration

Connection Monitor

  • provides end-to-end monitoring between Azure and hybrid endpoints

To start using Connection Monitor for monitoring, follow these steps:

  1. Install monitoring agents.
  2. Enable Network Watcher on your subscription.
  3. Create a connection monitor.
  4. Analyze monitoring data and set alerts.
  5. Diagnose issues in your network.

Network Diagnostic Tools

IP flow verify

  • detect traffic filtering issues at a virtual machine level.
  • tells which NSG or rule allowed or denied traffic

NSG diagnostics

Next hop

  • detect routing issues
  • shows the next hop (type, IP address, route table ID)

Effective security rules

  • shows NSG rules applied at the VM NIC
  • shows rules applied at the subnet level
  • and the aggregate of the two
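
How IP flow verify can name the NSG and rule that decided a flow, and why the effective rules are an aggregate of two levels, as an added example (a simplified model written for these notes, not Azure's implementation). It covers inbound traffic only, where Azure evaluates the subnet NSG before the NIC NSG and stops at the first matching rule in priority order. Assumptions: only the default DenyAllInBound rule is modelled, service tags are omitted, and all rule names and prefixes are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    dest_port: str  # "443", "1000-2000" or "*"

# Stand-in for Azure's default DenyAllInBound rule (priority 65500).
DENY_ALL = Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*")

def matches(rule, protocol, src_ip, port):
    if rule.protocol not in ("*", protocol):
        return False
    if rule.source != "*" and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
        return False
    if rule.dest_port == "*":
        return True
    lo, _, hi = rule.dest_port.partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, protocol, src_ip, port):
    """First matching rule in priority order; processing stops there."""
    for rule in sorted(rules + [DENY_ALL], key=lambda r: r.priority):
        if matches(rule, protocol, src_ip, port):
            return rule

def verify_inbound(subnet_nsg, nic_nsg, protocol, src_ip, port):
    """Return (access, nsg_level, rule_name) for one inbound flow.
    An NSG that is not attached is passed as None and skipped."""
    result = ("Allow", None, None)  # model assumption: no NSG attached filters nothing
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue
        rule = first_match(rules, protocol, src_ip, port)
        result = (rule.access, level, rule.name)
        if rule.access == "Deny":
            break  # denied at the subnet level: the NIC NSG is never reached
    return result

# Constructed sample NSGs (names and prefixes are made up for illustration).
SUBNET_NSG = [Rule("allow-https", 100, "Allow", "Tcp", "*", "443"),
              Rule("allow-ssh-corp", 110, "Allow", "Tcp", "203.0.113.0/24", "22")]
NIC_NSG = [Rule("deny-ssh", 100, "Deny", "Tcp", "*", "22"),
           Rule("allow-web", 200, "Allow", "Tcp", "*", "80-443")]
```

SSH from 203.0.113.5 is allowed by the subnet NSG but denied by `deny-ssh` on the NIC, which is the kind of mismatch the aggregate view of effective security rules makes visible.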

Connection troubleshoot

  • test a connection between a virtual machine, a virtual machine scale set, an application gateway, or a Bastion host and a virtual machine, an FQDN, a URI, or an IPv4 address
  • similar to Connection Monitor, but this is a point-in-time test whereas Connection Monitor runs over a duration

Packet capture

  • remotely create packet capture sessions to track traffic to and from a virtual machine (VM) or a virtual machine scale set

VPN troubleshoot

  • troubleshoot virtual network gateways and their connections

Traffic

Flow Logs

  • NSG flow logs
  • VNET flow logs
    • log traffic flowing through a VNet
    • sent to Azure Storage, from where they can be exported

Traffic Analytics

  • provides rich visualizations of flow logs data
