Source from repo

Azure Compute Skill

Select, configure, and scale Azure compute resources—VMs, App Service, AKS, and Container Apps

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

Skill

n/a

Size

128.8 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

workflows/vm-troubleshooter/references/firewall-blocking.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown59 linesFree

workflows/vm-troubleshooter/references/firewall-blocking.md

1# Firewall Blocking Connectivity
2 
3Guest OS firewall (Windows Firewall or Linux iptables/firewalld) is blocking inbound connections even though NSG allows them.
4 
5## Symptoms → Solutions
6 
7| Symptom                                                     | OS      | Solution                                             | Documentation                                                                                                                                          |
8| ----------------------------------------------------------- | ------- | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
9| Windows Firewall blocking RDP                               | Windows | Re-enable "Remote Desktop" firewall rule group       | [Guest OS firewall blocking](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/guest-os-firewall-blocking-inbound-traffic) |
10| Firewall policy set to BlockInboundAlways                   | Windows | Reset to `blockinbound,allowoutbound` policy         | [Enable/disable firewall rule](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/enable-disable-firewall-rule-guest-os)    |
11| Third-party AV/firewall blocking                            | Windows | Stop the third-party service, test, then reconfigure | [Guest OS firewall blocking](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/guest-os-firewall-blocking-inbound-traffic) |
12| iptables/nftables blocking SSH (port 22)                    | Linux   | Add allow rule or flush blocking chain               | [Troubleshoot SSH connection](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)                 |
13| firewalld blocking SSH                                      | Linux   | Open port 22 in the active zone                      | [Troubleshoot SSH connection](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)                 |
14| UFW blocking SSH (Ubuntu/Debian)                            | Linux   | Run `ufw allow 22/tcp` or disable UFW temporarily    | [Troubleshoot SSH connection](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)                 |
15| Cannot access firewall settings — no connectivity (Windows) | Windows | Use offline repair VM to modify registry             | [Disable guest OS firewall offline](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/disable-guest-os-firewall-windows)   |
16| Cannot access firewall settings — no connectivity (Linux)   | Linux   | Use Serial Console or repair VM to edit iptables/firewalld config | [Repair Linux VM commands](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/repair-linux-vm-using-azure-virtual-machine-repair-commands) |
17 
18## Quick Commands — Windows
19 
20> ⚠️ **Warning:** Commands marked with ⚡ use the VM agent/extensions. Run [Pre-Flight Safety Checks](cannot-connect-to-vm.md#pre-flight-safety-checks) before using them.
21 
22```bash
23# ⚡ Reset RDP config (re-enables RDP, creates firewall rule for 3389)
24az vm user reset-remote-desktop --name <vm-name> -g <resource-group>
25 
26# ⚡ Query Windows Firewall rules via Run Command
27az vm run-command invoke --name <vm-name> -g <resource-group> \
28  --command-id RunPowerShellScript \
29  --scripts "netsh advfirewall firewall show rule name='Remote Desktop - User Mode (TCP-In)'"
30 
31# ⚡ Enable Remote Desktop firewall rule via Run Command
32az vm run-command invoke --name <vm-name> -g <resource-group> \
33  --command-id RunPowerShellScript \
34  --scripts "netsh advfirewall firewall set rule group='Remote Desktop' new enable=yes"
35```
36 
37## Quick Commands — Linux
38 
39> ⚠️ **Warning:** Commands below use the VM agent/extensions. Run [Pre-Flight Safety Checks](cannot-connect-to-vm.md#pre-flight-safety-checks) before using them.
40 
41```bash
42# ⚡ Check iptables rules via Run Command
43az vm run-command invoke --name <vm-name> -g <resource-group> \
44  --command-id RunShellScript --scripts "iptables -L -n --line-numbers"
45 
46# ⚡ Allow SSH through iptables via Run Command
47az vm run-command invoke --name <vm-name> -g <resource-group> \
48  --command-id RunShellScript --scripts "iptables -I INPUT -p tcp --dport 22 -j ACCEPT"
49 
50# ⚡ Check firewalld status and open SSH via Run Command
51az vm run-command invoke --name <vm-name> -g <resource-group> \
52  --command-id RunShellScript \
53  --scripts "firewall-cmd --state && firewall-cmd --add-service=ssh --permanent && firewall-cmd --reload"
54 
55# Check/allow UFW (Ubuntu/Debian) via Run Command
56az vm run-command invoke --name <vm-name> -g <resource-group> \
57  --command-id RunShellScript --scripts "ufw status; ufw allow 22/tcp"
58```
59

Preparing the source view

Azure Compute Skill

workflows/vm-troubleshooter/references/firewall-blocking.md