Document Details
Diagnose Vm Network Traffic Filtering Problem Powershell
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
powershell_heavy
⚠️
windows_first
⚠️
missing_linux_example
⚠️
windows_tools
Summary:
The documentation is heavily focused on Azure PowerShell, with all examples and instructions using PowerShell cmdlets. There are no examples or guidance for using Azure CLI, Bash, or other Linux-native tools, despite mentioning the creation of a Linux VM. The prerequisites and workflow assume familiarity with PowerShell, which is more common on Windows, and do not provide parity for Linux users.
Recommendations:
- Provide equivalent Azure CLI (az) command examples alongside PowerShell for all steps, as Azure CLI is cross-platform and widely used on Linux.
- In the prerequisites, mention and link to instructions for installing and using Azure CLI and Bash in Cloud Shell, not just PowerShell.
- Where possible, use neutral language (e.g., 'Azure Cloud Shell or Azure CLI/PowerShell') and avoid assuming PowerShell as the default.
- Include notes or sections specifically for Linux users, highlighting any differences or additional considerations.
- If PowerShell is required for a specific feature, explicitly state this and suggest alternatives or workarounds for Linux users.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-08-17 00:01 | #83 | in_progress | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ❌ Biased |
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
| 2025-07-09 13:09 | #3 | cancelled | ✅ Clean |
| 2025-07-08 04:23 | #2 | cancelled | ❌ Biased |
Flagged Code Snippets
1. Create a default network security group using [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup).
1. Create a virtual machine using [New-AzVM](/powershell/module/az.compute/new-azvm). When prompted, enter a username and password.
## Test network communication using IP flow verify
In this section, you use the IP flow verify capability of Network Watcher to test network communication to and from the virtual machine.
1. Use [Test-AzNetworkWatcherIPFlow](/powershell/module/az.network/test-aznetworkwatcheripflow) to test outbound communication from **myVM** to **13.107.21.200** using IP flow verify (`13.107.21.200` is one of the public IP addresses used by `www.bing.com`):
You can see in the output that address prefix **13.104.0.0/13** is among the address prefixes of **AllowInternetOutBound** rule. This prefix encompasses the IP address **13.107.21.200**, which you utilized to test outbound communication to `www.bing.com`.
Similarly, you can check the other rules to see the source and destination IP address prefixes under each rule.
## Clean up resources
When no longer needed, use [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) to delete the resource group and all of the resources it contains:
1. Create a subnet configuration for the virtual machine subnet and the Bastion host subnet using [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig).
1. Create a virtual network using [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork).
The result of the fourth test indicates that access is denied from **10.10.10.10** because of the default security rule **DenyAllInBound**. By default, all access to an Azure virtual machine from outside the virtual network is denied.
## View details of a security rule
To determine why the rules in the previous section allow or deny communication, review the effective security rules for the network interface of **myVM** virtual machine using [Get-AzEffectiveNetworkSecurityGroup](/powershell/module/az.network/get-azeffectivenetworksecuritygroup) cmdlet: