Hi Zach Rowitsch,
Greetings,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
The inbound/outbound direction in VNET flow logs is relative to the interface. This means:
- Inbound: Traffic entering the interface from the network.
- Outbound: Traffic leaving the interface to the network.
The firewall rule only filters the traffic based on specific criteria (e.g., source/destination IP, port, protocol). It doesn't affect the direction of the flow as it's determined by the interface itself.
Here's a breakdown:
- Interface: The physical or logical network connection point.
- Firewall Rule: A set of criteria to filter traffic.
- Flow Direction: The direction of traffic relative to the interface.
Therefore, the flow logs provide information about the direction of traffic flow in relation to the interface, and the firewall rule simply filters the traffic based on the defined criteria.
Refer: https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall
- The first flow log entry shows inbound traffic (Direction = I) to the network interface, while the second flow log entry shows outbound traffic (Direction = O) from the network interface.
For VNet flow logs, please refer to the documents below:
Refer: https://learn.microsoft.com/en-us/azure/network-watcher/vnet-flow-logs-overview#related-content
Hope this clarifies.
Thanks
Ganesh
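Added example, not part of the original answer and not Microsoft's code: a small Python parser that groups flow tuples by 5-tuple and reports which interface-relative directions (I/O) were logged for each, as in the two entries discussed above. The 13-field comma-separated layout is assumed from the documented VNet flow log tuple format, and the sample tuples are constructed.

```python
from collections import defaultdict

# Field order assumed from the documented VNet flow log tuple layout;
# check it against the schema version of your own logs.
FIELDS = ("ts_ms", "src_ip", "dst_ip", "src_port", "dst_port", "proto",
          "direction", "state", "encryption",
          "pkts_fwd", "bytes_fwd", "pkts_rev", "bytes_rev")
INT_FIELDS = ("ts_ms", "src_port", "dst_port", "proto",
              "pkts_fwd", "bytes_fwd", "pkts_rev", "bytes_rev")
DIRECTIONS = {"I": "inbound", "O": "outbound"}  # relative to the interface

# Constructed sample tuples (private-range addresses), not real log data.
SAMPLE_TUPLES = [
    "1700000000000,10.1.0.4,10.2.0.5,50000,443,6,I,B,NX,0,0,0,0",
    "1700000000010,10.1.0.4,10.2.0.5,50000,443,6,O,B,NX,0,0,0,0",
    "1700000005000,10.1.0.4,10.2.0.5,50000,443,6,I,E,NX,12,3400,10,8200",
    "1700000001000,10.3.0.7,10.2.0.5,50001,22,6,I,D,NX,0,0,0,0",
    "garbage,line",
]

def parse_tuple(line):
    """Split one flow tuple into a dict; raise ValueError if malformed."""
    parts = line.strip().split(",")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["direction"] not in DIRECTIONS:
        raise ValueError(f"unknown direction {rec['direction']!r}")
    for name in INT_FIELDS:
        rec[name] = int(rec[name] or 0)  # empty counters are treated as 0
    return rec

def directions_by_flow(lines):
    """Map each 5-tuple to the sorted directions logged for it.

    Returns (flows, skipped), where skipped holds the unparseable lines.
    """
    seen, skipped = defaultdict(set), []
    for line in lines:
        try:
            rec = parse_tuple(line)
        except ValueError:
            skipped.append(line)
            continue
        key = (rec["src_ip"], rec["src_port"],
               rec["dst_ip"], rec["dst_port"], rec["proto"])
        seen[key].add(DIRECTIONS[rec["direction"]])
    return {k: sorted(v) for k, v in seen.items()}, skipped

if __name__ == "__main__":
    flows, skipped = directions_by_flow(SAMPLE_TUPLES)
    for key, dirs in flows.items():
        print(key, "->", ", ".join(dirs))
    print("skipped:", skipped)
```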