Source from repo

Azure Compute Skill

Get Azure VM and VM Scale Set recommendations based on workload, performance, and budget needs.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

Skill

n/a

Size

128.8 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

workflows/vm-troubleshooter/references/firewall-blocking.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown59 linesFree

workflows/vm-troubleshooter/references/firewall-blocking.md

1# Firewall Blocking Connectivity
2 
3Guest OS firewall (Windows Firewall or Linux iptables/firewalld) is blocking inbound connections even though NSG allows them.
4 
5## Symptoms → Solutions
6 
7| Symptom                                                     | OS      | Solution                                             | Documentation                                                                                                                                          |
8| ----------------------------------------------------------- | ------- | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
9| Windows Firewall blocking RDP                               | Windows | Re-enable "Remote Desktop" firewall rule group       | [Guest OS firewall blocking](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/guest-os-firewall-blocking-inbound-traffic) |
10| Firewall policy set to BlockInboundAlways                   | Windows | Reset to `blockinbound,allowoutbound` policy         | [Enable/disable firewall rule](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/enable-disable-firewall-rule-guest-os)    |
11| Third-party AV/firewall blocking                            | Windows | Stop the third-party service, test, then reconfigure | [Guest OS firewall blocking](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/guest-os-firewall-blocking-inbound-traffic) |
12| iptables/nftables blocking SSH (port 22)                    | Linux   | Add allow rule or flush blocking chain               | [Troubleshoot SSH connection](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)                 |
13| firewalld blocking SSH                                      | Linux   | Open port 22 in the active zone                      | [Troubleshoot SSH connection](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)                 |
14| UFW blocking SSH (Ubuntu/Debian)                            | Linux   | Run `ufw allow 22/tcp` or disable UFW temporarily    | [Troubleshoot SSH connection](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)                 |
15| Cannot access firewall settings — no connectivity (Windows) | Windows | Use offline repair VM to modify registry             | [Disable guest OS firewall offline](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/disable-guest-os-firewall-windows)   |
16| Cannot access firewall settings — no connectivity (Linux)   | Linux   | Use Serial Console or repair VM to edit iptables/firewalld config | [Repair Linux VM commands](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/repair-linux-vm-using-azure-virtual-machine-repair-commands) |
17 
18## Quick Commands — Windows
19 
20> ⚠️ **Warning:** Commands marked with ⚡ use the VM agent/extensions. Run [Pre-Flight Safety Checks](cannot-connect-to-vm.md#pre-flight-safety-checks) before using them.
21 
22```bash
23# ⚡ Reset RDP config (re-enables RDP, creates firewall rule for 3389)
24az vm user reset-remote-desktop --name <vm-name> -g <resource-group>
25 
26# ⚡ Query Windows Firewall rules via Run Command
27az vm run-command invoke --name <vm-name> -g <resource-group> \
28  --command-id RunPowerShellScript \
29  --scripts "netsh advfirewall firewall show rule name='Remote Desktop - User Mode (TCP-In)'"
30 
31# ⚡ Enable Remote Desktop firewall rule via Run Command
32az vm run-command invoke --name <vm-name> -g <resource-group> \
33  --command-id RunPowerShellScript \
34  --scripts "netsh advfirewall firewall set rule group='Remote Desktop' new enable=yes"
35```
36 
37## Quick Commands — Linux
38 
39> ⚠️ **Warning:** Commands below use the VM agent/extensions. Run [Pre-Flight Safety Checks](cannot-connect-to-vm.md#pre-flight-safety-checks) before using them.
40 
41```bash
42# ⚡ Check iptables rules via Run Command
43az vm run-command invoke --name <vm-name> -g <resource-group> \
44  --command-id RunShellScript --scripts "iptables -L -n --line-numbers"
45 
46# ⚡ Allow SSH through iptables via Run Command
47az vm run-command invoke --name <vm-name> -g <resource-group> \
48  --command-id RunShellScript --scripts "iptables -I INPUT -p tcp --dport 22 -j ACCEPT"
49 
50# ⚡ Check firewalld status and open SSH via Run Command
51az vm run-command invoke --name <vm-name> -g <resource-group> \
52  --command-id RunShellScript \
53  --scripts "firewall-cmd --state && firewall-cmd --add-service=ssh --permanent && firewall-cmd --reload"
54 
55# Check/allow UFW (Ubuntu/Debian) via Run Command
56az vm run-command invoke --name <vm-name> -g <resource-group> \
57  --command-id RunShellScript --scripts "ufw status; ufw allow 22/tcp"
58```
59

Preparing the source view

Azure Compute Skill

workflows/vm-troubleshooter/references/firewall-blocking.md